PT-2023-19599 · Jenkins · Jenkins Jira Pipeline Steps Plugin+1

Published: 2023-01-24 · Updated: 2023-02-04 · CVE-2023-24439

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Pipeline Steps Plugin version 2.0.165.v8846cf59f3db and earlier

Description: The plugin stores private keys unencrypted in its global configuration file on the Jenkins controller, where they are accessible to users with file system access.

Recommendations: For Jenkins JIRA Pipeline Steps Plugin version 2.0.165.v8846cf59f3db and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of private key exposure until a fix is available.

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related identifiers

CVE-2023-24439
GHSA-G29V-5PWH-WXX4

Affected products

Jenkins
Jenkins Jira Pipeline Steps Plugin