Unmasked Credentials in Jenkins Performance Publisher Plugin by Jenkins
CVE-2023-33000

7.5HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Ns-nd Integration Performance Publisher Plugin
Vendor: CVE Published:; 16 May 2023

Summary

The NS-ND Integration Performance Publisher Plugin for Jenkins fails to mask sensitive credentials displayed on its configuration form. This lack of masking raises the risk of unauthorized access as attackers might observe and capture these credentials during their interaction with the interface. Organizations using this plugin should take immediate action to mitigate the risk and safeguard their credentials to prevent potential breaches.

Affected Version(s)

Jenkins NS-ND Integration Performance Publisher Plugin 0 <= 4.8.0.149

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECU...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023