Sensitive Information Exposure in Jenkins WSO2 Oauth Plugin by Jenkins
CVE-2023-30528

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins WSO2 Oauth Plugin
Vendor: CVE Published:; 12 April 2023

Summary

The Jenkins WSO2 Oauth Plugin prior to version 1.0 has a security flaw where the WSO2 Oauth client secret is not properly masked in the global configuration settings. This oversight can lead to situations where unauthorized users may be able to view and potentially exploit the client secret, thereby increasing the risk of attacks and compromising sensitive data.

Affected Version(s)

Jenkins WSO2 Oauth Plugin 0 <= 1.0

References

https://www.jenkins.io/security/advisory/2023-04-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/04/13/3

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2023
Vulnerability Reserved
Apr 12, 2023