Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262

Related Vulnerabilities

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets

CVE-2018-1000151 Vulnerability in maven package org.jenkins-ci.plugins:vsphere-cloud

CVE-2022-2256 Vulnerability in maven package org.keycloak:keycloak-themes

CVE-2023-23638 Vulnerability in maven package org.apache.dubbo:dubbo-common

CVE-2023-25765 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

Severity

High

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory