Moderate severity · NVD Advisory · Published Feb 6, 2019 · Updated Sep 16, 2024
CVE-2019-1003018
Description
An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:github-oauth (Maven) | < 0.31 | 0.31 |
Affected products
- Range: 0.29 and earlier
References
- github.com/advisories/GHSA-87pj-9q82-m9qh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-1003018 (ghsa, ADVISORY)
- github.com/jenkinsci/github-oauth-plugin/commit/10d173f541e6f060231e778ec25b8c9846109856 (ghsa, WEB)
- jenkins.io/security/advisory/2019-01-28/ (ghsa, x_refsource_CONFIRM, WEB)