CVE-2023-24454

Published Jan 26, 2023

Last updated a month ago

CVSS medium 5.5

Overview

Description: Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Source: jenkinsci-cert@googlegroups.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-312
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-312

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jenkins:testquality_updater:*:*:*:*:*:jenkins:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09C35010-450D-4559-9718-FE5144E4B28E",
            "versionEndIncluding": "1.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.