Description

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.

Remediation

References

CVE-2018-1000410

Related Vulnerabilities

MySQL CVE-2022-21368 Vulnerability (CVE-2022-21368)

WordPress Plugin Recommend to a friend Cross-Site Scripting (2.0.2)

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.5)

Oracle Database Server CVE-2010-0854 Vulnerability (CVE-2010-0854)

WordPress Plugin Co-Authors Plus Multiple Unspecified Vulnerabilities (3.1.2)

Severity

High

Classification

CVE-2018-1000410 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities