Unencrypted Variable Storage Vulnerability in Jenkins Ansible Plugin by Jenkins

CVE-2023-32982

What is CVE-2023-32982?

The Jenkins Ansible Plugin prior to version 204.v8191fd551eb_f exhibits a vulnerability where extra variables are stored in unencrypted form within job config.xml files on the Jenkins controller. This creates a security risk as these files may be accessed by users possessing Item/Extended Read permission or direct access to the Jenkins controller file system, enabling unauthorized access to sensitive configuration data.

References