CVE-2023-49653

Name of the Vulnerable Software and Affected Versions Jenkins Jira Plugin versions 3.11 and earlier

Description The issue is related to insufficient access control due to incorrect context definition for credentials lookup. This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. The exploitation of this issue can enable a remote attacker to gain unauthorized access to protected information.

Recommendations For Jenkins Jira Plugin versions 3.11 and earlier, update to version 3.12 or later, which defines the appropriate context for credentials lookup, to resolve the issue. As a temporary workaround, consider restricting access to the Item/Configure permission to minimize the risk of exploitation.