Description
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.
Published: 2019-01-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-2483 An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.
Github GHSA Github GHSA GHSA-53jp-gmwc-jwf6 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
History

No history.

Subscriptions

Jenkins Jenkins
Redhat Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T12:40:46.997Z

Reserved: 2019-01-09T00:00:00.000Z

Link: CVE-2018-1000410

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-09T23:29:02.420

Modified: 2024-11-21T03:40:00.563

Link: CVE-2018-1000410

cve-icon Redhat

Severity : Low

Publid Date: 2018-10-10T00:00:00Z

Links: CVE-2018-1000410 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses