Improper Authorization in Jenkins HipChat Plugin Affects User Credentials
CVE-2018-1000419

6.5MEDIUM

Key Information:

Vendor: Atlassian
Status: Hipchat
Vendor: CVE Published:; 9 January 2019

Summary

An improper authorization vulnerability exists in the Jenkins HipChat Plugin, specifically in the HipChatNotifier.java file. This allows attackers with Overall/Read access to retrieve the credential IDs of sensitive credentials stored within the Jenkins environment. By exploiting this vulnerability, unauthorized users could gain access to information that should remain secure, increasing the risk of further exploits.

References

http://www.securityfocus.com/bid/106532

vdb-entryx_refsource_BID

https://jenkins.io/security/advisory/2018-09-25/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Jan 9, 2019