Description

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840

Related Vulnerabilities

CVE-2013-6448 Vulnerability in maven package org.jboss.seam:jboss-seam-remoting

CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-velocity

CVE-2014-0002 Vulnerability in maven package org.apache.camel:camel-core

CVE-2023-34442 Vulnerability in maven package org.apache.camel:camel-jira

CVE-2020-2285 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory