{"id":"CVE-2018-1999028","details":"An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.","aliases":["GHSA-8vg7-gh73-866v"],"modified":"2026-04-10T04:09:56.975104Z","published":"2018-08-01T13:29:00.513Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1021"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/accurev-plugin","events":[{"introduced":"0"},{"last_affected":"11e453ab63d0da1f61a68f4f2ab6c6b75e6be26f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.7.16"}]}}],"versions":["accurev-0.6.13","accurev-0.6.14","accurev-0.6.15","accurev-0.6.16","accurev-0.6.17","accurev-0.6.18","accurev-0.6.19","accurev-0.6.20","accurev-0.6.21","accurev-0.6.22","accurev-0.6.23","accurev-0.6.24","accurev-0.6.25","accurev-0.6.26","accurev-0.6.27","accurev-0.6.28","accurev-0.6.29","accurev-0.6.30","accurev-0.6.31","accurev-0.6.32","accurev-0.6.33","accurev-0.7.0","accurev-0.7.1","accurev-0.7.10","accurev-0.7.11","accurev-0.7.13","accurev-0.7.14","accurev-0.7.15","accurev-0.7.16","accurev-0.7.2","accurev-0.7.3","accurev-0.7.4","accurev-0.7.5","accurev-0.7.6","accurev-0.7.7","accurev-0.7.8","accurev-0.7.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999028.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}