PT-2023-24132 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin+1

Kevin Guerroudj

Publicado

2023-05-16

Atualizado

2023-05-31

CVE-2023-33000

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.149 and earlier

Description The issue concerns the Jenkins NS-ND Integration Performance Publisher Plugin, where credentials are not masked on the configuration form, allowing potential attackers to observe and capture them. Although the credentials are stored encrypted on disk, the lack of masking on the job configuration form increases the risk.

Recommendations For versions 4.8.0.149 and earlier, update to version 4.11.0.48 or later, which masks credentials displayed on the configuration form. As a temporary workaround, consider restricting access to the configuration form to minimize the risk of exploitation.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2023-33000

GHSA-GQXR-HVRW-6HFH

Produtos afetados

Jenkins

Jenkins Ns-Nd Integration Performance Publisher Plugin

PT-2023-24132 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin+1

CVE-2023-33000

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6