CVE-2019-1003018

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Authentication Plugin versions 0.29 and earlier

Description: An exposure of sensitive information issue exists that allows attackers, who can view a Jenkins administrator's web browser output or control the browser, to retrieve the configured client secret. This can occur through the GithubSecurityRealm/config.jelly file.

Recommendations: For Jenkins GitHub Authentication Plugin versions 0.29 and earlier, update to a version later than 0.29 to resolve the issue. As a temporary workaround, consider restricting access to the GithubSecurityRealm/config.jelly file to minimize the risk of exploitation.