Insecure Configuration Exposure in Jenkins Ansible Plugin
CVE-2023-32983

5.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Ansible Plugin
Vendor: CVE Published:; 16 May 2023

What is CVE-2023-32983?

The Jenkins Ansible Plugin fails to adequately mask sensitive extra variables in its configuration form, potentially allowing unauthorized users to view and capture this information. This vulnerability poses a significant risk as attackers could exploit the exposed variables, leading to further breaches or malicious actions within the Jenkins environment. For more detailed information, refer to the Jenkins Security Advisory issued on May 16, 2023.

Affected Version(s)

Jenkins Ansible Plugin 0 <= 204.v8191fd551eb_f

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECU...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023