CVE-2018-1000610
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
8.8
HIGH
CVSS 3.1
EPSS 0.05%
Description
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier, in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java, that allows attackers with access to Jenkins log files to obtain the passwords configured using the Configuration as Code Plugin.
How to fix CVE-2018-1000610
To remediate CVE-2018-1000610, upgrade the affected package to a fixed version below.
- Upgrade to 0.8-alpha or later
Is CVE-2018-1000610 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.8-alpha
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |