Permission Check Flaw in Jenkins Orka by MacStadium Plugin Affects User Credentials
CVE-2023-24433

6.5MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Orka By Macstadium Plugin
Vendor
CVE Published:
26 January 2023

What is CVE-2023-24433?

The Jenkins Orka by MacStadium Plugin has a vulnerability that stems from missing permission checks. This flaw permits attackers with Overall/Read permissions to connect to a malicious HTTP server using compromised credential IDs, which they acquire through alternate means. Consequently, this allows attackers to capture credentials stored within Jenkins, posing a significant risk to the integrity and confidentiality of user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Orka by MacStadium Plugin <= 1.31

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECU...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.