Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02OHF4LXdoeG0taDRjNM4AAWPy

Exposure of sensitive information vulnerability

A sensitive-information exposure vulnerability in TinfoilScanRecorder.java in Jenkins Tinfoil Security Plugin 1.6.1 and earlier allows attackers with file system access to the Jenkins master to obtain the API secret key stored in the plugin's configuration.

Permalink: https://github.com/advisories/GHSA-68qx-whxm-h4c4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OHF4LXdoeG0taDRjNM4AAWPy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 5 months ago


CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-68qx-whxm-h4c4, CVE-2018-1999041
References: Repository: https://github.com/jenkinsci/tinfoil-scan-plugin
Blast Radius: 1.0

Affected Packages

maven:com.tinfoilsecurity.plugins:tinfoil-scan
Affected Version Ranges: < 2.0
Fixed in: 2.0