Information Disclosure in Jenkins Due to Unredacted Multi-Line Secrets
CVE-2024-47803

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins
Vendor: CVE Published:; 2 October 2024

What is CVE-2024-47803?

A vulnerability in Jenkins allows for the potential disclosure of sensitive multi-line secret values in error messages. When users submit forms that involve the secretTextarea form field, the system fails to appropriately redact the secrets, exposing confidential information unintentionally. This flaw affects Jenkins versions 2.478 and earlier and LTS version 2.462.2 and earlier, thus representing a risk for users who manage sensitive data within their Jenkins environments. It underscores the need for immediate action to mitigate risks associated with accidental information leakage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins 2.462.3

Jenkins 2.462.3 < 2.462.*

Jenkins 2.479

References

https://www.jenkins.io/security/advisory/2024-10-02/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2024

JSON

Jenkins