PT-2023-6544 · Jenkins · Jenkins Lambdatest-Automation Plugin

Andrea Chiera · Published 2023-10-25 · Updated 2023-11-01 · CVE-2023-46653

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins lambdatest-automation Plugin versions 1.20.10 and earlier

Description

This is an information exposure issue. It potentially allows a remote attacker to gain unauthorized access to protected information. The problem arises because the plugin logs the LAMBDATEST Credentials access token at the INFO level, which could result in accidental exposure of the token through the default system log.

Recommendations

For Jenkins lambdatest-automation Plugin versions 1.20.10 and earlier, update to version 1.21.0 or later, which no longer logs the LAMBDATEST Credentials access token.

Fix

Information Disclosure

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related identifiers

BDU:2023-07306
CVE-2023-46653
GHSA-HPV3-F5P7-PXJ9

Affected products

Jenkins
Jenkins Lambdatest-Automation Plugin