CVE-2017-1000092

Name of the Vulnerable Software and Affected Versions Jenkins Git Plugin (affected versions not specified)

Description The issue allows an attacker to potentially obtain username and password credentials by tricking a developer into following a maliciously crafted Jenkins URL. This URL would cause the Jenkins Git client to send the credentials to an attacker-controlled server. The attack relies on the attacker's ability to guess a username/password credentials ID and the developer's job configuration permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.