CVE-2018-1000183

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions 1.29.0 and older

Description A sensitive information exposure issue exists, allowing attackers with Overall/Read access to connect to a specified URL using attacker-specified credentials IDs, potentially capturing stored credentials in Jenkins.

Recommendations For Jenkins GitHub Plugin versions 1.29.0 and older, update to a version newer than 1.29.0 to resolve the issue. As a temporary workaround, consider restricting access to the GitHubServerConfig.java configuration to minimize the risk of exploitation.