Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/11/29/1 | Mailing List Third Party Advisory |
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3225 | Vendor Advisory |
Configurations
History
05 Dec 2023, 16:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-522 | |
References | () http://www.openwall.com/lists/oss-security/2023/11/29/1 - Mailing List, Third Party Advisory | |
References | () https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3225 - Vendor Advisory | |
CPE | cpe:2.3:a:jenkins:jira:*:*:*:*:*:jenkins:*:* |
29 Nov 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2023, 14:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-29 14:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-49653
Mitre link : CVE-2023-49653
CVE.ORG link : CVE-2023-49653
JSON object : View
Products Affected
jenkins
- jira
CWE
CWE-522
Insufficiently Protected Credentials