Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2023-24447 Vulnerability in maven package org.jenkins-ci.plugins:rabbitmq-consumer

CVE-2014-0050 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-42889 Vulnerability in maven package org.apache.commons:commons-text

CVE-2023-29211 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

CVE-2023-28155 Vulnerability in maven package org.webjars.npm:request

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory