ASA-2019-00101 – Jenkins: GitHub Authentication Plugin showed plain text client secret in configuration form

GitHub Authentication Plugin stores the client secret in the global Jenkins configuration. While the client secret is stored encrypted on disk, it was transmitted in plain text as part of the configuration form and displayed without masking. This could result in exposure of the client secret through browser extensions, cross-site scripting vulnerabilities, and similar situations. GitHub Authentication Plugin now encrypts the client secret transmitted to administrators viewing the global security configuration form.