CVE-2017-1000362

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.498

Description A security issue was found where the re-key admin monitor in Jenkins created a backup directory with old secrets and the key used to encrypt them. This directory was world-readable and not removed after the re-encryption process. The issue affects Jenkins instances where the re-key admin monitor was introduced, potentially exposing sensitive information.

Recommendations For versions prior to 1.498, check for the directory $JENKINS HOME/jenkins.security.RekeySecretAdminMonitor/backups and delete it if present to prevent unauthorized access to sensitive information. Upgrading to version 1.498 or later will prevent the creation of the backup directory.