CVE-2018-1000143

{"id": "CVE-2018-1000143", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2018-04-05T13:29:00.307", "references": [{"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible en el plugin GitHub Pull Request Builder en Jenkins, en versiones 1.39.0 y anteriores, en GhprbCause.java que permite que un atacante con acceso al sistema de archivos local obtenga credenciales GitHub."}], "lastModified": "2024-11-21T03:39:46.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:github_pull_request_builder:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "17E65397-A3F9-459C-9360-FD6506BC10E6", "versionEndIncluding": "1.39.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}