PT-2023-24132 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin+1

Kevin Guerroudj

Published

2023-05-16

Updated

2023-05-31

CVE-2023-33000

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.149 and earlier

Description The issue concerns the Jenkins NS-ND Integration Performance Publisher Plugin, where credentials are not masked on the configuration form, allowing potential attackers to observe and capture them. Although the credentials are stored encrypted on disk, the lack of masking on the job configuration form increases the risk.

Recommendations For versions 4.8.0.149 and earlier, update to version 4.11.0.48 or later, which masks credentials displayed on the configuration form. As a temporary workaround, consider restricting access to the configuration form to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2023-33000

GHSA-GQXR-HVRW-6HFH

Affected Products

Jenkins

Jenkins Ns-Nd Integration Performance Publisher Plugin

PT-2023-24132 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin+1

CVE-2023-33000

Weakness Enumeration

Related Identifiers

Affected Products

References · 6