Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Affected Packages

Maven com.mobileenerlytics.eagle.tester:eagle-tester

Affected versions: 0 (last affected: 1.0.9)

Related CVEs

CVE-2020-2129

Key Information

GHSA ID

GHSA-vj6f-q4w6-qx9p

Published

May 24, 2022 5:08 PM

Last Modified

June 24, 2022 12:59 AM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.mobileenerlytics.eagle.tester:eagle-tester

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.