Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability



Jenkins Credentials Binding plugin is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
Jenkins Credentials Binding plugin version 1.17 is vulnerable.

Information

Bugtraq ID: 109320
Class: Design Error
CVE: CVE-2019-1010241

Remote: Yes
Local: No
Published: May 01 2019 12:00AM
Updated: Jul 26 2019 06:00AM
Credit: Marcelo Sacchetin and Aditya Balapure
Vulnerable:
Red Hat OpenShift Container Platform 4.1
Red Hat OpenShift Container Platform 3.9
Red Hat OpenShift Container Platform 3.11
Red Hat OpenShift Container Platform 3.10
Jenkins Credentials Binding 1.17


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

