CVE-2018-1000196

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.jenkins-ci.ruby-plugins/gitlab-hook

Identifiers

GHSA-7p4p-v6hr-gp3m, CVE-2018-1000196

Package Slug

maven/org.jenkins-ci.ruby-plugins/gitlab-hook

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older, in gitlabnotifier.rb and views/gitlabnotifier/global.erb. It allows attackers with local Jenkins master file system access, or with control of a Jenkins administrator's web browser (e.g. a malicious extension), to retrieve the configured GitLab token.

Affected Versions

All versions up to 1.4.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31
