Credential Enumeration Vulnerability in Jenkins Delphix Plugin by Delphix
CVE-2023-40345

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Delphix Plugin
Vendor: CVE Published:; 16 August 2023

Summary

The Jenkins Delphix Plugin versions 3.0.2 and earlier have a vulnerability that allows attackers with Overall/Read permission to inadvertently access and capture sensitive credentials. This issue stems from improper context settings during credentials lookup, which can potentially expose authentication details that should be restricted. Organizations using this plugin should promptly update to mitigate the risk of unauthorized credential access.

Affected Version(s)

Jenkins Delphix Plugin 0 <= 3.0.2

References

https://www.jenkins.io/security/advisory/2023-08-16/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/08/16/3

https://support.delphix.com/Support_Policies_and_Technica...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2023
Vulnerability Reserved
Aug 14, 2023