CVE-2018-1000143

CWE-200Information Exposure5 documents5 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 94.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Github Pull Request Builder
Timeline
PublishedApr 5
Latest updateMay 14

Description

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Jenkins GitHub Pull Request Builder Plugin2022-05-14
GHSA
Jenkins GitHub Pull Request Builder Plugin2022-05-14
CVEList
CVE-2018-1000143: An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 12018-04-05

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-03-262018-03-26
CVE-2018-1000143 (MEDIUM CVSS 6.7) | An exposure of sensitive informatio | cvebase.io