GHSA-757G-M98V-6R49 Jenkins Sofy.AI Plugin stores API token in plain text

Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...

Jenkins Sofy.AI Plugin stores API token in plain text

Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...

(0Day) Jenkins Sofy.AI Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Sofy.AI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Sofy.AI plugin. The issue results from storing credentials in plaintext. An...

Unspecified Vulnerability in CloudBees Jenkins Sofy.AI Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Sofy.AI Plugin is used in one of the plugin from the Jenkins Pipelines for...

CVE-2019-10447

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10447

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10447

Summary: The Jenkins Sofy.AI Plugin stores credentials (including API tokens) unencrypted in job config.xml files on the Jenkins master/controller. The root cause is plaintext storage of sensitive data, making it viewable by users with Extended Read permission or anyone with access to the Jenkins...

CVE-2019-10447

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...