CVE-2023-24450

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24450

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24450.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-24450

Aliases

GHSA-6hw7-x86v-wrgf

Published

2023-01-26T21:18:18Z

Modified

2024-09-03T04:23:56.010593Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787

Affected packages

Git / github.com/jenkinsci/view-cloner-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/view-cloner-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

937f1afb1bd8f8ec56851a4c95d6d7b6bc30ada9

Last affected

be6c4ba3153bc4e994c0a415fb4ea364faa5caa6

Affected versions

view-cloner-1.*

view-cloner-1.0