CVE-2018-1000610

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:configuration_as_code:0.3:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.4:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.5:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.6:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.1:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.2:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.7:alpha:*:*:*:jenkins:*:*

Information

Published : 2018-06-26 10:29

Updated : 2019-10-02 17:03


NVD link : CVE-2018-1000610

Mitre link : CVE-2018-1000610


JSON object : View

CWE
CWE-522

Insufficiently Protected Credentials

Advertisement

dedicated server usa

Products Affected

jenkins

  • configuration_as_code