CVE-2023-24436

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-24436

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24436.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-24436

Aliases

GHSA-ccf4-9hjc-xxc4

Published

2023-01-26T21:18:17.600Z

Modified

2026-03-14T11:58:56.636239Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%281%29

Affected packages

Git / github.com/jenkinsci/ghprb-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/ghprb-plugin

Events

Introduced

Last affected

15ea8538c0d0aac0ad8a7a3f514f6215bf6c8634

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.42.2"
        }
    ]
}

Affected versions

ghprb-1.*

ghprb-1.0

ghprb-1.1

ghprb-1.1.1

ghprb-1.10

ghprb-1.11

ghprb-1.11.1

ghprb-1.11.2

ghprb-1.12

ghprb-1.13

ghprb-1.13-1

ghprb-1.14

ghprb-1.14-1

ghprb-1.14-2

ghprb-1.14-3

ghprb-1.14-4

ghprb-1.14-5

ghprb-1.14-6

ghprb-1.14-7

ghprb-1.15-0

ghprb-1.15-1

ghprb-1.16-0

ghprb-1.16-1

ghprb-1.16-2

ghprb-1.16-3

ghprb-1.16-4

ghprb-1.16-5

ghprb-1.16-6

ghprb-1.16-7

ghprb-1.16-8

ghprb-1.17

ghprb-1.18

ghprb-1.19

ghprb-1.2

ghprb-1.20

ghprb-1.20.1

ghprb-1.21

ghprb-1.21.1

ghprb-1.22

ghprb-1.22.1

ghprb-1.22.2

ghprb-1.22.3

ghprb-1.22.4

ghprb-1.23

ghprb-1.23.1

ghprb-1.23.2

ghprb-1.23.3

ghprb-1.24

ghprb-1.24.1

ghprb-1.24.2

ghprb-1.24.3

ghprb-1.24.4

ghprb-1.24.5

ghprb-1.24.6

ghprb-1.24.7

ghprb-1.24.8

ghprb-1.25

ghprb-1.26

ghprb-1.26.1

ghprb-1.26.2

ghprb-1.27

ghprb-1.28

ghprb-1.28.1

ghprb-1.28.2

ghprb-1.28.3

ghprb-1.28.4

ghprb-1.28.5

ghprb-1.28.6

ghprb-1.29

ghprb-1.29.1

ghprb-1.29.2

ghprb-1.29.3

ghprb-1.29.4

ghprb-1.29.5

ghprb-1.29.6

ghprb-1.29.7

ghprb-1.29.8

ghprb-1.3

ghprb-1.3.1

ghprb-1.3.2

ghprb-1.30

ghprb-1.30.1

ghprb-1.30.2

ghprb-1.30.3

ghprb-1.30.4

ghprb-1.30.5

ghprb-1.30.6

ghprb-1.31.1

ghprb-1.31.2

ghprb-1.31.3

ghprb-1.31.4

ghprb-1.32.1

ghprb-1.32.2

ghprb-1.32.3

ghprb-1.32.4

ghprb-1.32.5

ghprb-1.32.6

ghprb-1.32.7

ghprb-1.32.8

ghprb-1.33.0

ghprb-1.33.1

ghprb-1.33.2

ghprb-1.33.3

ghprb-1.33.4

ghprb-1.34.0

ghprb-1.35.0

ghprb-1.36.0

ghprb-1.36.1

ghprb-1.36.2

ghprb-1.37.0

ghprb-1.38.0

ghprb-1.39.0

ghprb-1.4

ghprb-1.40.0

ghprb-1.41.0

ghprb-1.42.0

ghprb-1.42.1

ghprb-1.42.2

ghprb-1.5

ghprb-1.5.1

ghprb-1.6

ghprb-1.7

ghprb-1.8

ghprb-1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24436.json"