Description
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915
Related Vulnerabilities
CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot
CVE-2016-9299 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-1958 Vulnerability in maven package org.apache.druid.extensions:druid-basic-security
CVE-2017-1000118 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core_2.10