[MAVEN:GHSA-92RV-MVMJ-47QH] Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java. It allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, these form validation methods did not require POST requests, resulting in a CSRF vulnerability. As of version 1.42.0, these form validation methods require POST requests and Overall/Administer permissions.

Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugin/ghprb | <= 1.41.0 |

Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugin/ghprb | = 1.42.0 |

- ID: MAVEN:GHSA-92RV-MVMJ-47QH
- Severity: moderate
- URL: https://github.com/advisories/GHSA-92rv-mvmj-47qh
- Published: 2022-05-14T03:13:13 (2 years ago)
- Modified: 2023-12-20T13:44:01 (9 months ago)
- Rights: Maven Security Team