
4 matches found

GitHub Security Blog
added 2022/05/17 2:25 a.m., 32 views

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

CVSS: 9.8, AI score: 1.6, EPSS: 0.01721
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/05/17 2:25 a.m., 0 views

GHSA-92MR-4W2Q-4578: Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01721
Exploits: 0, References: 5
CNVD
added 2017/09/22 12:0 a.m., 3 views

CloudBees Jenkins re-key admin monitor information disclosure vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software release/testing projects and a number of timed tasks. re-key admin monitor is one of the re-key admin monitor. The re-key admi...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01721
Exploits: 0, References: 1
CVE
added 2017/07/13 8:0 p.m., 84 views

CVE-2017-1000362

The vulnerability CVE-2017-1000362 affects Jenkins (re-key admin monitor). In Jenkins 1.498, secrets were re-encrypted with a new key and a backup directory at JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups was created containing the old, unremoved secrets; these backups were world...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01721
Exploits: 0, References: 1, Affected Software: 1