GHSA-gqxr-hvrw-6hfh

Опубликовано: 16 мая 2023

Источник: github

Github: Прошло ревью

CVSS3: 3.1

Описание

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration.

While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them.

NS-ND Integration Performance Publisher Plugin 4.11.0.48 masks credentials displayed on the configuration form.

Ссылки

Пакеты

Наименование

io.jenkins.plugins:cavisson-ns-nd-integration

maven

Затронутые версииВерсия исправления

< 4.11.0.48

4.11.0.48

EPSS

Процентиль: 44%

0.0022

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2023-33000

Дефекты

CWE-522

Связанные уязвимости

CVE-2023-33000

CVSS3: 7.5

nvd

больше 2 лет назад

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.

EPSS

Процентиль: 44%

0.0022

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2023-33000

Дефекты

CWE-522