Описание
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Ссылки
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Patch
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.44 (исключая)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.32.2 (исключая)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
EPSS
Процентиль: 19%
0.00059
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-325
CWE-326
Связанные уязвимости
CVSS3: 4.3
ubuntu
больше 7 лет назад
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVSS3: 4.3
redhat
около 9 лет назад
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVSS3: 4.3
debian
больше 7 лет назад
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode wi ...
EPSS
Процентиль: 19%
0.00059
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-325
CWE-326