CVE-2018-1999031

Опубликовано: 01 авг. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.

Ссылки

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847
Vendor Advisory
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:meliora_testlab:*:*:*:*:*:jenkins:*:*

Версия до 1.14 (включая)

EPSS

Процентиль: 22%

0.00072

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3hw6-gc8h-9243

CVSS3: 3.3

github

больше 3 лет назад

Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key