Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1manJ2LXZ4OW0tNGpwas4AAyY1
Veracode Scan Jenkins Plugin vulnerable to information disclosure
Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments.
Permalink: https://github.com/advisories/GHSA-fjrv-vx9m-4jpjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1manJ2LXZ4OW0tNGpwas4AAyY1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-fjrv-vx9m-4jpj, CVE-2023-25722
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-25722
- https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190
- https://veracode.com
- https://community.veracode.com/s/global-search/CVE-2023-25722
- https://github.com/advisories/GHSA-fjrv-vx9m-4jpj
Affected Packages
maven:com.veracode.jenkins:veracode-scan
Affected Version Ranges: < 23.3.19.0Fixed in: 23.3.19.0