CVE-2018-1000196

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.06 % (27^th)

Affected Products 1

Advisories 2

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-06-05 21:29:00
(6 years ago)
Updated Date: 2018-07-18 19:43:45
(6 years ago)

Affected Products

Jenkins

Gitlab Hook

Configuration #1

		CPE23	From	Up To
	Jenkins Gitlab Hook for Jenkins 1.4.2 and prior versions	cpe:2.3:a:jenkins:gitlab_hook::::::jenkins		<= 1.4.2