Information Disclosure Vulnerability in Jenkins Consul KV Builder Plugin
CVE-2023-30531

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Consul KV Builder Plugin
Vendor: CVE Published:; 12 April 2023

Summary

The Jenkins Consul KV Builder Plugin, up to version 2.0.13, contains a vulnerability that fails to adequately mask the HashiCorp Consul ACL Token within the global configuration form. This oversight increases the risk of attackers observing and capturing sensitive token information, potentially compromising the security of systems utilizing this plugin.

Affected Version(s)

Jenkins Consul KV Builder Plugin 0 <= 2.0.13

References

https://www.jenkins.io/security/advisory/2023-04-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/04/13/3

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2023
Vulnerability Reserved
Apr 12, 2023