CVE-2018-1000410

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.145 and earlier Jenkins LTS versions 2.138.1 and earlier

Description An information exposure issue exists that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. This issue is related to the Stapler framework used by the affected Jenkins releases, specifically in the RequestImpl.java and Descriptor.java files.

Recommendations For Jenkins versions 2.145 and earlier, update to a version later than 2.145 to resolve the issue. For Jenkins LTS versions 2.138.1 and earlier, update to a version later than 2.138.1 to resolve the issue.