Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262

Related Vulnerabilities

CVE-2017-1000006 Vulnerability in maven package org.webjars.npm:plotly.js

CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-common

CVE-2023-46729 Vulnerability in npm package @sentry/nextjs

CVE-2020-2279 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2021-36163 Vulnerability in maven package org.apache.dubbo:dubbo-serialization

Severity

High

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory