Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02OHF4LXdoeG0taDRjNM4AAWPy
Exposure of sensitive information vulnerability
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
Permalink: https://github.com/advisories/GHSA-68qx-whxm-h4c4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OHF4LXdoeG0taDRjNM4AAWPy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-68qx-whxm-h4c4, CVE-2018-1999041
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1999041
- https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840
- https://github.com/advisories/GHSA-68qx-whxm-h4c4
Affected Packages
maven:com.tinfoilsecurity.plugins:tinfoil-scan
Versions: < 2.0
Fixed in: 2.0