CVE-2018-1000186

MEDIUM

Jenkins GitHub Pull Request Builder Plugin <1.41.0 - Info Disclosure

Title source: llm

Description

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

References (1)

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 26.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200
Status published

Affected Products (2)

jenkins/github_pull_request_builder < 1.41.0
org.jenkins-ci.plugins/ghprb < 1.42.0Maven

Timeline

Published Jun 05, 2018
Tracked Since Feb 18, 2026