Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262

Related Vulnerabilities

CVE-2020-27223 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2022-29161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-crypto

CVE-2023-49799 Vulnerability in npm package nuxt-api-party

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

CVE-2023-27904 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory