Credential Access Flaw in Jenkins Warnings Plugin by CloudBees
CVE-2023-46651

6.5MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Warnings Plugin
Vendor
CVE Published:
25 October 2023

What is CVE-2023-46651?

The Jenkins Warnings Plugin prior to version 10.5.0 contains a significant flaw in the credential context setting. This oversight permits attackers with Item/Configure permissions to access and potentially capture sensitive credentials that they should not have access to. A fix for this issue has been backported to version 10.4.1, mitigating the risk of unauthorized credential retrieval.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Warnings Plugin 10.5.1

Jenkins Warnings Plugin 10.5.1

Jenkins Warnings Plugin 10.4.1 < 10.4.*

References

https://www.jenkins.io/security/advisory/2023-10-25/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/25/2

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.