Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system.
Permalink: https://github.com/advisories/GHSA-g29v-5pwh-wxx4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-g29v-5pwh-wxx4, CVE-2023-24439
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-24439
- https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774
- https://github.com/advisories/GHSA-g29v-5pwh-wxx4
Affected Packages
maven:org.jenkins-ci.plugins:jira-steps
Affected Version Ranges: <= 2.0.165.v8846cf59f3db
No known fixed version