CVE-2023-25721

Name of the Vulnerable Software and Affected Versions Veracode Scan Jenkins Plugin versions prior to 23.3.19.0

Description The issue allows users with access to view the job log to discover proxy credentials under specific configurations. This includes when the "Connect using proxy" option is enabled, configured with proxy credentials, and the Jenkins global system setting debug is enabled, along with a scan configured for remote agent jobs. By default, only the job owner or Jenkins admin can view the job log.

Recommendations For versions prior to 23.3.19.0, update to version 23.3.19.0 or later to resolve the issue. As a temporary workaround, consider disabling the "Connect using proxy" option or restricting access to job logs to minimize the risk of exploitation. Additionally, disabling the debug setting in Jenkins global system settings can also mitigate the risk.