The Jenkins Credentials Binding plugin is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
Jenkins Credentials Binding plugin version 1.17 is vulnerable.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution:
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Bugtraq ID: 109320
Class: Design Error
CVE: CVE-2019-1010241
Remote: Yes
Local: No
Published: May 01 2019 12:00AM
Updated: Jul 26 2019 06:00AM
Credit: Marcelo Sacchetin and Aditya Balapure
Vulnerable:
- Redhat OpenShift Container Platform 4.1
- Redhat OpenShift Container Platform 3.9
- Redhat OpenShift Container Platform 3.11
- Redhat OpenShift Container Platform 3.10
- Jenkins Credentials Binding 1.17
Not Vulnerable:
References:
- Credentials Binding (Jenkins)
- Jenkins Home Page (Jenkins)
- Bug 1732346 (CVE-2019-1010241) - CVE-2019-1010241 jenkins-plugin-credentials-bi (Redhat)
- CVE-2019-1010241 (Redhat)
from SecurityFocus Vulnerabilities https://ift.tt/2JSQDR6