GHSA-7p4p-v6hr-gp3m, CVE-2018-1000196
maven/org.jenkins-ci.ruby-plugins/gitlab-hook
Exposure of Sensitive Information to an Unauthorized Actor
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.
All versions up to 1.4.2
Unfortunately, there is no solution available yet.
2024-01-31
source |