An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-2133 | An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. |
![]() |
GHSA-3858-58w9-wpcg | Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-09-17T01:21:38.210Z
Reserved: 2019-02-06T00:00:00Z
Link: CVE-2019-1003021

No data.

Status : Modified
Published: 2019-02-06T16:29:00.983
Modified: 2024-11-21T04:17:45.300
Link: CVE-2019-1003021

No data.

No data.