PT-2018-9463 · Jenkins · Jenkins Z/Os Connector Plugin

Viktor Gazdag · Published 2018-06-26 · Updated 2022-05-13 · CVE-2018-1000608

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jenkins z/OS Connector Plugin versions 1.2.6.1 and earlier

Description

A sensitive information exposure issue exists that allows an attacker with local file system access or control of a Jenkins administrator's web browser to retrieve the configured password. The issue is located in the SCLMSCM.java file. IBM z/OS Connector Plugin version 2.0.0 and newer integrates with the Credentials Plugin and no longer stores credentials itself.

Recommendations

For Jenkins z/OS Connector Plugin versions 1.2.6.1 and earlier, consider updating to version 2.0.0 or newer, which integrates with the Credentials Plugin and no longer stores credentials itself, mitigating the risk of sensitive information exposure.

Fix

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

CVE-2018-1000608
GHSA-5FQ9-X9F4-X2R2

Affected Products

Credentials Plugin
Jenkins
Jenkins Z/Os Connector Plugin