CVE-2018-1000609

Name of the Vulnerable Software and Affected Versions Jenkins Configuration as Code Plugin versions 0.7-alpha and earlier

Description A sensitive information exposure issue exists in the Jenkins Configuration as Code Plugin, specifically in ConfigurationAsCode.java, allowing attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.

Recommendations For versions 0.7-alpha and earlier, update to version 0.8-alpha or later to resolve the issue. As a temporary workaround, consider restricting Overall/Read access to minimize the risk of exploitation.