Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-24442 Vulnerability in maven package org.jenkins-ci.plugins:github-pr-coverage-status

Description

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767

Related Vulnerabilities

CVE-2022-45388 Vulnerability in maven package net.praqma:config-rotator

CVE-2023-33187 Vulnerability in npm package highlight.run

CVE-2014-3579 Vulnerability in maven package org.apache.activemq:apollo-selector

CVE-2023-33938 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory