CVE-2023-50770

6.7MEDIUM

Key Information

Vendor: Jenkins
Status: Jenkins OpenId Connect Authentication Plugin
Vendor: CVE Published:; 13 December 2023

Summary

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

Affected Version(s)

Jenkins OpenId Connect Authentication Plugin <= 2.6

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Dec 13, 2023
Vulnerability published.
Dec 13, 2023

Collectors

NVD DatabaseMitre Database