CVE-2023-24438

Name of the Vulnerable Software and Affected Versions Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier

Description A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Recommendations For Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier, update to a version that includes the fix for the missing permission check. At the moment, there is no information about a newer version that contains a fix for this vulnerability.