CVE-2018-1000142

Опубликовано: 05 апр. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

Ссылки

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-261
Vendor Advisory
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-261
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:github_pull_request_builder:*:*:*:*:*:jenkins:*:*

Версия до 1.39.0 (включая)

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-hr74-2j5v-ghfv

CVSS3: 4

github

больше 3 лет назад

Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials