An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02OHF4LXdoeG0taDRjNM4AAWPy

Exposure of sensitive information vulnerability

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 7 months ago

CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-68qx-whxm-h4c4, CVE-2018-1999041
References: Repository:
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: < 2.0
Fixed in: 2.0