An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-2133 An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Github GHSA Github GHSA GHSA-3858-58w9-wpcg Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2024-09-17T01:21:38.210Z

Reserved: 2019-02-06T00:00:00Z

Link: CVE-2019-1003021

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-02-06T16:29:00.983

Modified: 2024-11-21T04:17:45.300

Link: CVE-2019-1003021

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.