GHSA-876j-4q73-7f56
Suggest an improvement- Source
- https://github.com/advisories/GHSA-876j-4q73-7f56
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-876j-4q73-7f56/GHSA-876j-4q73-7f56.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-876j-4q73-7f56
- Aliases
- Published
- 2022-05-14T03:23:44Z
- Modified
- 2023-11-08T03:59:35.760391Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins GitHub Pull Request Builder Plugin
- Details
-
GitHub Pull Request Builder Plugin stored the webhook secret shared between Jenkins and GitHub in plain text. This allowed users with Jenkins controller local file system access and Jenkins administrators to retrieve the stored password. The latter could result in exposure of the passwords through browser extensions, cross-site scripting vulnerabilities, and similar situations. GitHub Pull Request Builder Plugin 1.32.1 and newer stores the webhook secret encrypted on disk.
- Database specific
{ "nvd_published_at": "2018-04-05T13:29:00Z", "github_reviewed_at": "2022-12-12T21:08:02Z", "severity": "LOW", "github_reviewed": true, "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Maven / org.jenkins-ci.plugins:ghprb
Package
- Name
- org.jenkins-ci.plugins:ghprb
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/ghprb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.32.1
Affected versions
1.*
1.0
1.1
1.1.1
1.2
1.3
1.3.1
1.3.2
1.4
1.5
1.5.1
1.7
1.8
1.9
1.11.2
1.12
1.13
1.13-1
1.14
1.14-1
1.14-2
1.14-3
1.14-4
1.14-5
1.14-6
1.14-7
1.15-0
1.15-1
1.16-0
1.16-1
1.16-2
1.16-3
1.16-4
1.16-5
1.16-6
1.16-7
1.16-8
1.17
1.18
1.19
1.20
1.20.1
1.21
1.21.1
1.22
1.22.1
1.22.2
1.22.3
1.22.4
1.23
1.23.1
1.23.2
1.23.3
1.24
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.24.7
1.24.8
1.25
1.26
1.26.1
1.26.2
1.27
1.28
1.28.1
1.28.2
1.28.3
1.28.4
1.28.6
1.29
1.29.1
1.29.2
1.29.3
1.29.4
1.29.5
1.29.6
1.29.7
1.29.8
1.30
1.30.1
1.30.2
1.30.3
1.30.4
1.30.5
1.30.6
1.31.1
1.31.2
1.31.3
1.31.4