exploitDog

CVE-2023-30531

Опубликовано: 12 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.

Ссылки

http://www.openwall.com/lists/oss-security/2023/04/13/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/04/13/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:consul_kv_builder:*:*:*:*:*:jenkins:*:*

Версия до 2.0.13 (включая)

EPSS

Процентиль: 17%

0.00053

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-312

CWE-312

Связанные уязвимости

GHSA-54cw-rvr3-w6cx

CVSS3: 4.3

github

почти 3 года назад

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

EPSS

Процентиль: 17%

0.00053

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-312

CWE-312