Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Permalink: https://github.com/advisories/GHSA-3g2g-rcm6-rrq2JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-3g2g-rcm6-rrq2, CVE-2023-24440
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-24440
- https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774
- https://github.com/advisories/GHSA-3g2g-rcm6-rrq2
Affected Packages
maven:org.jenkins-ci.plugins:jira-steps
Affected Version Ranges: <= 2.0.165.v8846cf59f3dbNo known fixed version