PT-2023-19600 · Jenkins · Jenkins Jira Pipeline Steps Plugin
Published: 2023-01-24 · Updated: 2023-02-04 · CVE-2023-24440
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier
Description
The plugin transmits private keys in plain text as part of the global Jenkins configuration form, potentially leading to their exposure.
Recommendations
For Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier, consider updating to a version that does not transmit private keys in plain text. However, at the moment there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Jenkins
Jenkins Jira Pipeline Steps Plugin