Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774 | Vendor Advisory |
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774 | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774 - Vendor Advisory |
Information
Published : 2023-01-26 21:18
Updated : 2024-11-21 07:47
NVD link : CVE-2023-24439
Mitre link : CVE-2023-24439
CVE.ORG link : CVE-2023-24439
JSON object : View
Products Affected
jenkins
- jira_pipeline_steps
CWE
CWE-312
Cleartext Storage of Sensitive Information