
CVE-2019-1003018
https://notcve.org/view.php?id=CVE-2019-1003018
06 Feb 2019 — An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension), to retrieve the configured client secret. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-1003019
https://notcve.org/view.php?id=CVE-2019-1003019
06 Feb 2019 — A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797 • CWE-384: Session Fixation