This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to view the password on the target system.
The vulnerability exists due to the affected software stores credentials unencrypted in its global configuration file "io.jenkins.plugins.delphix.GlobalConfiguration.xml" on the Jenkins master. A local authenticated user with access to the master file system can obtain these credentials.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
Delphix: 1.0.0 - 2.0.4CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?