CVE-2019-1003021

Summary

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins OpenId Connect Authentication Plugin1.4 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References