CVE-2018-1000142: Infoleak
First published: Thu Apr 05 2018(Updated: )
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Github Pull Request Builder | <=1.39.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-1000142?
The severity of CVE-2018-1000142 is assessed as high due to the potential exposure of sensitive GitHub credentials.
How do I fix CVE-2018-1000142?
To fix CVE-2018-1000142, update Jenkins GitHub Pull Request Builder Plugin to version 1.40.0 or later.
Who is affected by CVE-2018-1000142?
CVE-2018-1000142 affects users of Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older.
What kind of access is needed to exploit CVE-2018-1000142?
An attacker needs local file system access to exploit CVE-2018-1000142.
What information is exposed in CVE-2018-1000142?
CVE-2018-1000142 may expose sensitive GitHub credentials stored in the Jenkins instance.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/source
- vendor/jenkins
- canonical/jenkins github pull request builder
- version/jenkins github pull request builder/1.39.0