Lucene search
GoogleOSV:GHSA-53JP-GMWC-JWF6HistoryMay 14, 2022 - 1:04 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-1401:04:36
Google
osv.dev
8
0.0004 Low
EPSS
Percentile
12.6%
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.
Related
osv
osv
CVE-2018-1000410
2019-01-09 23:29:02
prion
prion
Information disclosure
2019-01-09 23:29:00
cve
cve
CVE-2018-1000410
2019-01-09 23:29:02
veracode
veracode
Information Disclosure
2019-05-16 02:16:48
nvd
nvd
CVE-2018-1000410
2019-01-09 23:29:02
redhatcve
redhatcve
CVE-2018-1000410
2019-01-30 01:19:52
cvelist
cvelist
CVE-2018-1000410
2019-01-09 23:00:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-14 01:04:36
openvas
openvas
Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities - Windows
2018-12-11 00:00:00
Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities - Linux
2018-12-11 00:00:00
nessus
nessus
Jenkins < 2.138.2 (LTS) / 2.146 Multiple Vulnerabilities
2018-10-16 00:00:00