Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Storing a password in plaintext may result in a system compromise.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vaddy | Jenkins | * | 1.2.8 (including) |