Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
28 Jun 2018
25 Jun 2018
How to fix?
com.coravy.hudson.plugins.github:github to version 1.29.2 or higher.
com.coravy.hudson.plugins.github:github integrates Jenkins with Github projects.
Affected versions of this package are vulnerable to Information Exposure via the
GitHubTokenCredentialsCreator.java method. A malicious user with
Overall/Read access, could connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.