CVE-2018-1000610

HIGH8.8EPSS 0.05%

Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials

Published: 5/13/2022Modified: 11/8/2023

Description

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.

Affected packages (1)

Maven/io.jenkins:configuration-as-codefrom 0, < 0.8-alpha

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000610
WEBhttps://jenkins.io/security/advisory/2018-06-25/#SECURITY-929