CVE-2019-1003018

Summary

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins GitHub Authentication Plugin0.29 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References