Search criteria
6 vulnerabilities found for Jenkins GitHub Authentication Plugin by Jenkins project
CVE-2019-10315 (GCVE-0-2019-10315)
Vulnerability from nvd – Published: 2019-04-30 12:25 – Updated: 2024-08-04 22:17
VLAI
Summary
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
Severity
No CVSS data available.
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/04/30/5 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/108159 | vdb-entryx_refsource_BID |
| https://jenkins.io/security/advisory/2019-04-30/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.31 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:20.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.31 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:47:13.242Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.31 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108159"
},
{
"name": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10315",
"datePublished": "2019-04-30T12:25:17.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:20.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1003019 (GCVE-0-2019-1003019)
Vulnerability from nvd – Published: 2019-02-06 16:00 – Updated: 2024-09-16 20:37
VLAI
Summary
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-01-28/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.29 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.29 and earlier"
}
]
}
],
"dateAssigned": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:44:52.142Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.179227",
"ID": "CVE-2019-1003019",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003019",
"datePublished": "2019-02-06T16:00:00.000Z",
"dateReserved": "2019-02-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:33.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1003018 (GCVE-0-2019-1003018)
Vulnerability from nvd – Published: 2019-02-06 16:00 – Updated: 2024-09-16 20:43
VLAI
Summary
An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-01-28/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.29 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.29 and earlier"
}
]
}
],
"dateAssigned": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator\u0027s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:44:50.987Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.178806",
"ID": "CVE-2019-1003018",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator\u0027s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-549"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003018",
"datePublished": "2019-02-06T16:00:00.000Z",
"dateReserved": "2019-02-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:43:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10315 (GCVE-0-2019-10315)
Vulnerability from cvelistv5 – Published: 2019-04-30 12:25 – Updated: 2024-08-04 22:17
VLAI
Summary
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
Severity
No CVSS data available.
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/04/30/5 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/108159 | vdb-entryx_refsource_BID |
| https://jenkins.io/security/advisory/2019-04-30/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.31 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:20.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.31 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:47:13.242Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.31 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
},
{
"name": "108159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108159"
},
{
"name": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10315",
"datePublished": "2019-04-30T12:25:17.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:20.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1003019 (GCVE-0-2019-1003019)
Vulnerability from cvelistv5 – Published: 2019-02-06 16:00 – Updated: 2024-09-16 20:37
VLAI
Summary
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-01-28/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.29 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.29 and earlier"
}
]
}
],
"dateAssigned": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:44:52.142Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.179227",
"ID": "CVE-2019-1003019",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003019",
"datePublished": "2019-02-06T16:00:00.000Z",
"dateReserved": "2019-02-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:33.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1003018 (GCVE-0-2019-1003018)
Vulnerability from cvelistv5 – Published: 2019-02-06 16:00 – Updated: 2024-09-16 20:43
VLAI
Summary
An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-01-28/#… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins GitHub Authentication Plugin |
Affected:
0.29 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins GitHub Authentication Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "0.29 and earlier"
}
]
}
],
"dateAssigned": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator\u0027s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:44:50.987Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.178806",
"ID": "CVE-2019-1003018",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator\u0027s web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-549"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003018",
"datePublished": "2019-02-06T16:00:00.000Z",
"dateReserved": "2019-02-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:43:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}