Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments.
CPE | Name | Operator | Version |
---|---|---|---|
com.veracode.jenkins:veracode-scan | lt | 23.3.19.0 |