Description

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840

Related Vulnerabilities

CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse

CVE-2022-23437 Vulnerability in maven package xerces:xercesimpl

CVE-2022-42130 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.service

CVE-2023-33006 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory