An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier, in GithubSecurityRealm/config.jelly, that allows attackers who are able to view a Jenkins administrator’s web browser output, or to control the browser (e.g. through a malicious extension), to retrieve the configured client secret.
[
  {
    "product": "Jenkins GitHub Authentication Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "0.29 and earlier"
      }
    ]
  }
]