2 matches found
org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000142 via org.jenkins-ci.plugins:ghprb (=1.31.4)
org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000142...
CVE-2018-1000142
CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...