CVE-2023-24439

Published: Jan 26, 2023Modified: Apr 2, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Affected (1)

Products: Jenkins: Jira Pipeline Steps

Jenkins

1 product

Jira Pipeline Steps

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jira Pipeline Steps	Up to 2.0.165.v8846cf59f3db

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.