Lucene search

[email protected]NVD:CVE-2018-1999041

HistoryAug 01, 2018 - 1:29 p.m.

CVE-2018-1999041

2018-08-0113:29:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin’s configuration.

Affected configurations

Nvd

Node

jenkinstinfoil_securityRange≤1.6.1jenkins

VendorProductVersionCPE
jenkinstinfoil_security*cpe:2.3:a:jenkins:tinfoil_security:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	tinfoil_security	*	cpe:2.3:a:jenkins:tinfoil_security::::::jenkins::*

References

jenkins.io/security/advisory/2018-07-30/#SECURITY-840

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2018-1999041

prion1 osv2 github1 cvelist1 cve1