Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2022-1278 Vulnerability in maven package org.wildfly:wildfly-microprofile

CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-rt-core

CVE-2019-10376 Vulnerability in maven package org.jenkins-ci.plugins:jenkinswalldisplay

CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace

CVE-2021-21666 Vulnerability in maven package org.jenkins-ci.plugins:kiuwanjenkinsplugin

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory