A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Configuration_as_code | Jenkins | 0.1-alpha (including) | 0.1-alpha (including) |
| Configuration_as_code | Jenkins | 0.2-alpha (including) | 0.2-alpha (including) |
| Configuration_as_code | Jenkins | 0.3-alpha (including) | 0.3-alpha (including) |
| Configuration_as_code | Jenkins | 0.4-alpha (including) | 0.4-alpha (including) |
| Configuration_as_code | Jenkins | 0.5-alpha (including) | 0.5-alpha (including) |
| Configuration_as_code | Jenkins | 0.6-alpha (including) | 0.6-alpha (including) |
| Configuration_as_code | Jenkins | 0.7-alpha (including) | 0.7-alpha (including) |