Description

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840

Related Vulnerabilities

CVE-2020-2115 Vulnerability in maven package org.jenkins-ci.plugins:nunit

CVE-2013-2165 Vulnerability in maven package org.richfaces.framework:richfaces-impl-jsf2

CVE-2023-50720 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-api

CVE-2019-10412 Vulnerability in maven package com.inedo.proget:inedo-proget

CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory