CVE-2018-1000142 — Sensitive Information Exposure in Jenkins Github Pull Request Builder

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Github Pull Request Builder

Timeline

PublishedApr 5

Latest updateMay 14

Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDjenkins/github_pull_request_builder1.39.0

🔴Vulnerability Details

GHSA

Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials↗2022-05-14

▶

OSV

Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials↗2022-05-14

▶

CVEList

CVE-2018-1000142: An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1↗2018-04-05

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2018-03-26↗2018-03-26

▶