Lucene search
GoogleOSV:GHSA-92MR-4W2Q-4578HistoryMay 17, 2022 - 2:25 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-1702:25:41
Google
osv.dev
19
sensitive information
unauthorized actor
jenkins
EPSS
0.002
Percentile
64.7%
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
Related
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-17 02:25:41
osv
osv
CVE-2017-1000362
2017-07-17 13:18:18
cve
cve
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
redhatcve
redhatcve
CVE-2017-1000362
2017-07-25 08:09:55
cvelist
cvelist
CVE-2017-1000362
2017-07-13 20:00:00
nvd
nvd
CVE-2017-1000362
2017-07-17 13:18:18
CVE-2017-2605
2017-07-24 17:29:00
prion
prion
Directory traversal
2017-07-17 13:18:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Feb 2017) - Linux
2017-03-13 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2017) - Windows
2017-03-13 00:00:00
nessus
nessus