Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-261

Related Vulnerabilities

CVE-2018-17960 Vulnerability in maven package org.webjars:ckeditor

CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

CVE-2023-33000 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2023-28709 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2015-0226 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom

Severity

High

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory