Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability



Jenkins Credentials Binding plugin is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Jenkins Credentials Binding plugin version 1.17 is vulnerable.
exploit



The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
solution



Solution:
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

info



Bugtraq ID:109320
Class:Design Error
CVE:CVE-2019-1010241
Remote:Yes
Local:No
Published:May 01 2019 12:00AM
Updated:Jul 26 2019 06:00AM
Credit:Marcelo Sacchetin and Aditya Balapure
Vulnerable:Redhat OpenShift Container Platform 4.1
Redhat OpenShift Container Platform 3.9
Redhat OpenShift Container Platform 3.11
Redhat OpenShift Container Platform 3.10
Jenkins Credentials Binding 1.17
Not Vulnerable:
references



from SecurityFocus Vulnerabilities https://ift.tt/2JSQDR6