Sensitive Information Exposure in Jenkins Configuration as Code Plugin

CVE-2018-1000610 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:N/A:N

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier, in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java, that allows attackers with access to Jenkins log files to obtain the passwords configured using the Configuration as Code Plugin.