Missing Authorization in Jenkins plug-in for ServiceNow DevOps
CVE-2023-3442

7.7HIGH

Key Information:

Vendor: Servicenow
Status: Jenkins Plug-in For Servicenow Devops
Vendor: CVE Published:; 26 July 2023

What is CVE-2023-3442?

A vulnerability related to missing authorization has been identified in the Jenkins Plug-in for ServiceNow DevOps, impacting all versions prior to 1.38.1. This vulnerability may allow attackers to gain unauthorized access to sensitive information within the system if exploited successfully. It is recommended to upgrade to version 1.38.1 to mitigate this risk, while no changes are necessary on existing instances of the Now Platform.

Affected Version(s)

Jenkins plug-in for ServiceNow DevOps Jenkins 0 < 1.38.1

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jun 28, 2023

Credit

Alvaro Muñoz (@pwntester), GitHub Security Lab