CVE-2018-1000196
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.
Existe una vulnerabilidad de exposición de información sensible en el plugin Gitlab Hook en versiones 1.4.2 y anteriores de Jenkins en gitlab_notifier.rb y views/gitlab_notifier/global.erb que permite a los atacantes con acceso al sistema de ficheros maestro local de Jenkins o control del navegador web de un administrador de Jenkins (por ejemplo, extensión maliciosa) recuperar el token Gitlab configurado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-05 CVE Reserved
- 2018-06-05 CVE Published
- 2024-03-15 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263 | 2018-07-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jenkins Search vendor "Jenkins" | Gitlab Hook Search vendor "Jenkins" for product "Gitlab Hook" | <= 1.4.2 Search vendor "Jenkins" for product "Gitlab Hook" and version " <= 1.4.2" | jenkins |
Affected
| ||||||