Credential Access Vulnerability in Jenkins mabl Plugin by Jenkins
CVE-2023-37951

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Mabl Plugin
Vendor: CVE Published:; 12 July 2023

Summary

The mabl Plugin for Jenkins, specifically versions 0.0.46 and earlier, does not implement proper context for credential lookup. This vulnerability can be exploited by attackers possessing Item/Configure permissions, which allows them to gain unauthorized access to sensitive credentials. Following exploits, malicious actors can capture and exploit these credentials to compromise the security of affected systems. It is crucial for Jenkins users to review the security advisory and ensure that they are using updated versions of this plugin.

Affected Version(s)

Jenkins mabl Plugin 0 <= 0.0.46

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 11, 2023