Credential leakage in Jenkins Plug-in for ServiceNow
Moderate severity
GitHub Reviewed
Published
Jul 26, 2023
to the GitHub Advisory Database
•
Updated Nov 11, 2023
Package
Affected versions
< 1.38.1
Patched versions
1.38.1
Description
Published by the National Vulnerability Database
Jul 26, 2023
Published to the GitHub Advisory Database
Jul 26, 2023
Reviewed
Jul 26, 2023
Last updated
Nov 11, 2023
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
References