CVE-2019-1003021

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.jenkins-ci.plugins/oic-auth

Identifiers

GHSA-3858-58w9-wpcg, CVE-2019-1003021

Package Slug

maven/org.jenkins-ci.plugins/oic-auth

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

Jenkins OpenId Connect Authentication Plugin 1.4 and earlier contains an exposure of sensitive information vulnerability in OicSecurityRealm/config.jelly. Attackers who are able to view a Jenkins administrator's web browser output, or who control the browser (e.g. through a malicious extension), can retrieve the configured client secret.

Affected Versions

All versions up to and including 1.4

Solution

Upgrade to version 1.5 or above.

Last Modified

2024-01-31
