PT-2023-19599 · Jenkins · Jenkins Jira Pipeline Steps Plugin+1

Published

2023-01-24

Updated

2023-02-04

CVE-2023-24439

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins JIRA Pipeline Steps Plugin version 2.0.165.v8846cf59f3db and earlier

Description The issue allows private keys to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with file system access.

Recommendations For Jenkins JIRA Pipeline Steps Plugin version 2.0.165.v8846cf59f3db and earlier, consider restricting access to the Jenkins controller file system to minimize the risk of private key exposure until a fix is available.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256CWE-312

Related Identifiers

CVE-2023-24439

GHSA-G29V-5PWH-WXX4

Affected Products

Jenkins

Jenkins Jira Pipeline Steps Plugin

PT-2023-19599 · Jenkins · Jenkins Jira Pipeline Steps Plugin+1

CVE-2023-24439

Weakness Enumeration

Related Identifiers

Affected Products

References · 4