High severityNVD Advisory· Published Jun 26, 2018· Updated Sep 16, 2024
CVE-2018-1000600
CVE-2018-1000600
Description
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.coravy.hudson.plugins.github:githubMaven | < 1.29.2 | 1.29.2 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-6cvm-v6qj-hjq9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000600ghsaADVISORY
- github.com/jenkinsci/github-plugin/commit/ce7f5f2cb523757f2bf9ec362e1c8de1de447ec7ghsaWEB
- jenkins.io/security/advisory/2018-06-25/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.