CVE-2023-24435

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24435

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24435.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-24435

Aliases

GHSA-w4v5-54p8-m4j5

Published

2023-01-26T21:18:17Z

Modified

2024-09-03T04:23:53.327774Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29

Affected packages

Git / github.com/jenkinsci/ghprb-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/ghprb-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

15ea8538c0d0aac0ad8a7a3f514f6215bf6c8634

Affected versions

ghprb-1.*

ghprb-1.0

ghprb-1.1

ghprb-1.1.1

ghprb-1.10

ghprb-1.11

ghprb-1.11.1

ghprb-1.11.2

ghprb-1.12

ghprb-1.13

ghprb-1.13-1

ghprb-1.14

ghprb-1.14-1

ghprb-1.14-2

ghprb-1.14-3

ghprb-1.14-4

ghprb-1.14-5

ghprb-1.14-6

ghprb-1.14-7

ghprb-1.15-0

ghprb-1.15-1

ghprb-1.16-0

ghprb-1.16-1

ghprb-1.16-2

ghprb-1.16-3

ghprb-1.16-4

ghprb-1.16-5

ghprb-1.16-6

ghprb-1.16-7

ghprb-1.16-8

ghprb-1.17

ghprb-1.18

ghprb-1.19

ghprb-1.2

ghprb-1.20

ghprb-1.20.1

ghprb-1.21

ghprb-1.21.1

ghprb-1.22

ghprb-1.22.1

ghprb-1.22.2

ghprb-1.22.3

ghprb-1.22.4

ghprb-1.23

ghprb-1.23.1

ghprb-1.23.2

ghprb-1.23.3

ghprb-1.24

ghprb-1.24.1

ghprb-1.24.2

ghprb-1.24.3

ghprb-1.24.4

ghprb-1.24.5

ghprb-1.24.6

ghprb-1.24.7

ghprb-1.24.8

ghprb-1.25

ghprb-1.26

ghprb-1.26.1

ghprb-1.26.2

ghprb-1.27

ghprb-1.28

ghprb-1.28.1

ghprb-1.28.2

ghprb-1.28.3

ghprb-1.28.4

ghprb-1.28.5

ghprb-1.28.6

ghprb-1.29

ghprb-1.29.1

ghprb-1.29.2

ghprb-1.29.3

ghprb-1.29.4

ghprb-1.29.5

ghprb-1.29.6

ghprb-1.29.7

ghprb-1.29.8

ghprb-1.3

ghprb-1.3.1

ghprb-1.3.2

ghprb-1.30

ghprb-1.30.1

ghprb-1.30.2

ghprb-1.30.3

ghprb-1.30.4

ghprb-1.30.5

ghprb-1.30.6

ghprb-1.31.1

ghprb-1.31.2

ghprb-1.31.3

ghprb-1.31.4

ghprb-1.32.1

ghprb-1.32.2

ghprb-1.32.3

ghprb-1.32.4

ghprb-1.32.5

ghprb-1.32.6

ghprb-1.32.7

ghprb-1.32.8

ghprb-1.33.0

ghprb-1.33.1

ghprb-1.33.2

ghprb-1.33.3

ghprb-1.33.4

ghprb-1.34.0

ghprb-1.35.0

ghprb-1.36.0

ghprb-1.36.1

ghprb-1.36.2

ghprb-1.37.0

ghprb-1.38.0

ghprb-1.39.0

ghprb-1.4

ghprb-1.40.0

ghprb-1.41.0

ghprb-1.42.0

ghprb-1.42.1

ghprb-1.42.2

ghprb-1.5

ghprb-1.5.1

ghprb-1.6

ghprb-1.7

ghprb-1.8

ghprb-1.9