CVE-2024-39459
- Source
- https://cve.org/CVERecord?id=CVE-2024-39459
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39459.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39459
- Aliases
- Published
- 2024-06-26T17:15:27.110Z
- Modified
- 2026-03-14T12:34:45.027833Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In rare cases Jenkins Plain Credentials Plugin 182.v468b97b9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).
- References
Affected packages
Git / github.com/jenkinsci/plain-credentials-plugin
Affected versions
139.*
139.ved2b_9cf7587b
143.*
143.v1b_df8b_d3b_e48
177.*
177.vb_231f25527e7
179.*
179.vc5cb_98f6db_38
182.*
182.v468b_97b_9dcb_8
plain-credentials-1.*
plain-credentials-1.0
plain-credentials-1.0-beta-1
plain-credentials-1.0-beta-2
plain-credentials-1.0-beta-3
plain-credentials-1.0-beta-4
plain-credentials-1.1
plain-credentials-1.2
plain-credentials-1.3
plain-credentials-1.4
plain-credentials-1.5
plain-credentials-1.6
plain-credentials-1.7
plain-credentials-1.8