Description
A sensitive information exposure vulnerability exists in TinfoilScanRecorder.java in Jenkins Tinfoil Security Plugin 1.6.1 and earlier. It allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840