Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000183

Опубликовано: 04 июн. 2018
Источник: redhat
CVSS3: 4.2

Описание

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3jenkins-plugin-githubAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1585992jenkins-plugin-github: CSRF vulnerability and missing permission checks allowed capturing credentials (SECURITY-804)

4.2 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1000183

CVSS3: 6.5
nvd
больше 7 лет назад

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

github логотип

GHSA-v7g7-cmxx-wxw9

CVSS3: 6.5
github
больше 3 лет назад

Jenkins GitHub Plugin exposure of sensitive information vulnerability exists

4.2 Medium

CVSS3