Credential Exposure Risk in Jenkins lambdatest-automation Plugin by Jenkins
CVE-2023-46653

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Lambdatest-automation Plugin
Vendor: CVE Published:; 25 October 2023

Summary

The Jenkins lambdatest-automation Plugin versions 1.20.10 and earlier have a security issue where LAMBDATEST Credentials access tokens are logged at the INFO level. This logging practice can potentially expose sensitive credentials to users with access to the log files, leading to unauthorized access or malicious exploitation. Users are advised to review security practices concerning log management and apply the necessary updates to mitigate the risk.

Affected Version(s)

Jenkins lambdatest-automation Plugin 0 <= 1.20.10

References

https://www.jenkins.io/security/advisory/2023-10-25/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/10/25/2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Oct 24, 2023