Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2023-31062 Vulnerability in maven package org.apache.inlong:manager-web

CVE-2020-27782 Vulnerability in maven package io.undertow:undertow-servlet

CVE-2022-43396 Vulnerability in maven package org.apache.kylin:kylin-core-common

CVE-2020-6422 Vulnerability in npm package electron

CVE-2020-24922 Vulnerability in maven package com.xuxueli:xxl-job-admin

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory