$ "C:\Program Files (x86)\WiX Toolset v3.9\bin\light.exe" -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\build\production\project\win\project. I found an example of weakly stored credentials in the Publish Over Dropbox Plugin this plugin used a simple web form with a textbox element to display the token in the plugin. Executing command: "C:\Program Files (x86)\WiX Toolset v3.9\bin\light.exe" -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\build\production\project\win\project.msi I found a Jenkins security advisory describing this issue and came to the conclusion that this could be a problem in some plugins, albeit one that could be fixed easily. isValid: D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wixobj
Linking to file: D:\Jenkins\workspace\project-win-0.70.0-ti\build\production\project\win\project.msi isValid: D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wxs Usage: light.exe objectFile think he checks local jenkins not on the node: $ "C:\Program Files (x86)\WiX Toolset v3.9\bin\light.exe" -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\setup.msi Executing command: "C:\Program Files (x86)\WiX Toolset v3.9\bin\light.exe" -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\setup.msi no valid object file: D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wixobj Linking to file: D:\Jenkins\workspace\project-win-0.70.0-ti\setup.msi The plug-in now encrypts the API key transmitted to administrators viewing the global configuration form. An API key stored on an encrypted disk can be transmitted in plain text. The vulnerability in the Datadog plug-in is a high-severity flaw.
$ "C:\Program Files (x86)\WiX Toolset v3.9\bin\candle.exe" -arch x86 -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wixobj D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wxs 7, 2017 advisory published five high, five medium and two low Jenkins vulnerabilities. Executing command: "C:\Program Files (x86)\WiX Toolset v3.9\bin\candle.exe" -arch x86 -nologo -out D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wixobj D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wxs
adding source file: D:\Jenkins\workspace\project-win-0.70.0-ti\tools\wixtoolset\project_Installer.wxs Wix Toolset plugin is running in slave mode. Environment variables are not automatically added as parameters. I think is missing the object file parameter on the light.exe command
0 kommentar(er)
