PT-2023-24866 · Jenkins · Jenkins Plug-In For Servicenow Devops+1
Published
2023-07-26
·
Updated
2023-08-03
·
CVE-2023-3442
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Plug-in for ServiceNow DevOps versions prior to 1.38.1
Description
A missing authorization issue exists that could lead to the unwanted exposure of sensitive information if exploited successfully.
Recommendations
For versions prior to 1.38.1, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.
No changes are required on your instances of the Now Platform.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Plug-In For Servicenow Devops