CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jenkinsgithub_pull_request_builder
𝑥
≤ 1.39.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262