PT-2023-5742 · Jenkins · Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin

Alvaro Muñoz · Published 2023-08-16 · Updated 2023-08-18 · CVE-2023-40347

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.14 and earlier

Description
The issue is related to insufficient protection of credentials, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This is due to the plugin not setting the appropriate context for credentials lookup. Attackers can exploit this to gain unauthorized access to protected information.

Recommendations
For Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.14 and earlier, as a temporary workaround, consider restricting access to the plugin until a patch is available. Additionally, limit the use of System-scoped credentials to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-06414
CVE-2023-40347
GHSA-97MG-9JHF-R7RM

Affected Products

Jenkins
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin