This advisory announces a security vulnerability that was found in Jenkins core. This vulnerability allows attacker with an HTTP access to the server to retrieve the master cryptographic key of Jenkins. This key is used to encrypt sensitive data in configuration files under $JENKINS_HOME and in the HTML forms, authenticate agents connecting to the Jenkins controller, as well as the authenticate RE