Insecure Configuration Exposure in Jenkins Ansible Plugin
CVE-2023-32983
5.3 MEDIUM
Summary
The Jenkins Ansible Plugin fails to adequately mask sensitive extra variables in its configuration form, potentially allowing unauthorized users to view and capture this information. This vulnerability poses a significant risk as attackers could exploit the exposed variables, leading to further breaches or malicious actions within the Jenkins environment. For more detailed information, refer to the Jenkins Security Advisory issued on May 16, 2023.
Affected Version(s)
Jenkins Ansible Plugin: 0 through 204.v8191fd551eb_f (inclusive)
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved