Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments.
{ "github_reviewed_at": "2023-04-05T20:19:51Z", "github_reviewed": true, "nvd_published_at": "2023-03-28T20:15:00Z", "cwe_ids": [ "CWE-214" ], "severity": "MODERATE" }