Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
Moderate severity
GitHub Reviewed
Published May 14, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023
Package
Affected versions: < 0.8-alpha
Patched versions: 0.8-alpha
Description
Published by the National Vulnerability Database: Jun 26, 2018
Reviewed: Nov 8, 2022
An exposure of sensitive information vulnerability exists in ConfigurationAsCode.java in Jenkins Configuration as Code Plugin 0.7-alpha and earlier. It allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. Version 0.8-alpha contains a fix for this issue.