CVE-2018-1000609

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000609
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000609.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000609
Aliases
Published
2018-06-26T17:29:00.663Z
Modified
2025-11-20T10:44:28.318881Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.

References

Affected packages

Git / github.com/jenkinsci/configuration-as-code-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/configuration-as-code-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2caadef9cbb3b6ecc49be521f5815a3704596756
Last affected
3dc97356b1d8c2c3488b88c1fdeb3a508385b4b7
Last affected
7da449e792a0cb5fb58e192957da0940bbde3870
Last affected
8921814751e0465ba31b853b9adec18bb557f0ff
Last affected
987b55ffdf7e7468ac9b739e5d7bee6129cfa7fc
Last affected
9b80243d1df5fcf8f5dc103946faa1a2b062a5ab
Last affected
d14a4eb9d2831691a712ebab4bd80d4b85dc38ad

Affected versions

configuration-as-code-0.*

configuration-as-code-0.1-alpha
configuration-as-code-0.2-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000609.json"