CVE-2018-1000187

CWE-200Information ExposureCWE-532Log File Information Exposure7 documents7 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 45.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Kubernetes
Timeline
PublishedJun 5
Latest updateMay 14

Description

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Exposure of Sensitive Information in Jenkins Kubernetes Plugin2022-05-14
GHSA
Exposure of Sensitive Information in Jenkins Kubernetes Plugin2022-05-14
CVEList
CVE-2018-1000187: A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 12018-06-05

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2018-06-042018-06-04
Red Hat
jenkins-plugin-kubernetes: Sensitive build variables leaked into logs (SECURITY-883)2018-06-04

💬Community

1
Bugzilla
CVE-2018-1000187 jenkins-plugin-kubernetes: Sensitive build variables leaked into logs (SECURITY-883)2018-06-05
CVE-2018-1000187 (MEDIUM CVSS 6.5) | A exposure of sensitive information | cvebase.io