CVE-2018-1000600
published 2018-06-26


high 8.8 CVSS 3.0
AV:N AC:L PR:N UI:R S:U C:H I:H A:H
ITW EXPLOIT
Exploited in the wild
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_codebuild_plugin | | |
| jenkins | aws_codedeploy_plugin | | |
| jenkins | aws_codepipeline_plugin | | |
| jenkins | badge_plugin | | |
| jenkins | collabnet_plugin | | |
| jenkins | collabnet_plugins_plugin | | |
| jenkins | configuration_as_code_plugin | | |
| jenkins | credentials_binding_plugin | | |
| jenkins | credentials_plugin | | |
| jenkins | fortify_cloudscan_plugin | | |
| jenkins | github | <= 1.29.1 | |
| jenkins | openstack_cloud_plugin | | |
| jenkins | os_connector_plugin | | |
| jenkins | saml_plugin | | |
| jenkins | ssh_credentials_plugin | | |
| jenkins | this_feature_applies_to_connections_by_this_plugin | | |
| jenkins | urltrigger_plugin | | |

CVSS provenance

nvd v3.0 8.8 HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck 8.8 HIGH