Описание
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jenkins:configuration_as_code:0.1:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.2:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.3:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.4:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.5:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.6:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.7:alpha:*:*:*:jenkins:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
EPSS
Процентиль: 21%
0.00069
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200