Unencrypted Secret File Credentials Stored on Jenkins Controller File System

CVE-2024-39459

Currently unrated 🤨

Key Information

Vendor: Jenkins
Status: Jenkins Plain Credentials Plugin
Vendor: CVE Published:; 26 June 2024

Summary

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Affected Version(s)

Jenkins Plain Credentials Plugin <= 182.v468b_97b_9dcb_8

Timeline

Vulnerability published.
Jun 26, 2024
Vulnerability Reserved.
Jun 25, 2024

Collectors

NVD DatabaseMitre Database