Design/Logic Flaw

2018-06-2617:29:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.

CPENameOperatorVersion
configuration_as_codeeq0.1 alpha
configuration_as_codeeq0.2 alpha
configuration_as_codeeq0.3 alpha
configuration_as_codeeq0.4 alpha
configuration_as_codeeq0.5 alpha
configuration_as_codeeq0.6 alpha
configuration_as_codeeq0.7 alpha

Name	Operator	Version
configuration_as_code	eq	0.1 alpha
configuration_as_code	eq	0.2 alpha
configuration_as_code	eq	0.3 alpha
configuration_as_code	eq	0.4 alpha
configuration_as_code	eq	0.5 alpha
configuration_as_code	eq	0.6 alpha
configuration_as_code	eq	0.7 alpha

References

jenkins.io/security/advisory/2018-06-25/