CVE-2018-1999041

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1999041

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999041.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1999041

Aliases

GHSA-68qx-whxm-h4c4

Published

2018-08-01T13:29:01Z

Modified

2024-09-03T02:09:32.386852Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840

Affected packages

Git / github.com/jenkinsci/tinfoil-scan-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/tinfoil-scan-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2b75e019e611ad8a40043510abbf9a958d5ddf50

Affected versions

tinfoil-scan-1.*

tinfoil-scan-1.0

tinfoil-scan-1.1

tinfoil-scan-1.2

tinfoil-scan-1.3

tinfoil-scan-1.4

tinfoil-scan-1.5

tinfoil-scan-1.6

tinfoil-scan-1.6.1