CVE-2018-1000143: Infoleak
First published: Thu Apr 05 2018(Updated: )
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins GitHub Pull Request Builder | <=1.39.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-1000143?
CVE-2018-1000143 has a high severity rating due to the potential exposure of sensitive GitHub credentials.
How do I fix CVE-2018-1000143?
To fix CVE-2018-1000143, upgrade the Jenkins GitHub Pull Request Builder Plugin to version 1.40.0 or later.
What versions are affected by CVE-2018-1000143?
CVE-2018-1000143 affects Jenkins GitHub Pull Request Builder Plugin versions up to and including 1.39.0.
What are the potential risks associated with CVE-2018-1000143?
The risks include unauthorized access to GitHub credentials by an attacker with local file system access.
Where can I find more information about CVE-2018-1000143?
More detailed information about CVE-2018-1000143 can typically be found in security advisories from Jenkins.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/jenkins
- canonical/jenkins github pull request builder
- version/jenkins github pull request builder/1.39.0