CVE-2023-32263

Опубликовано: 19 июл. 2023

Источник: nvd

CVSS3: 2.6

CVSS3: 5.7

EPSS Низкий

Описание

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials.

https://www.jenkins.io/security/advisory/2023-06-14/

Ссылки

https://plugins.jenkins.io/dimensionsscm/
Product
https://portal.microfocus.com/s/article/KM000019293
Vendor Advisory
https://plugins.jenkins.io/dimensionsscm/
Product
https://portal.microfocus.com/s/article/KM000019293
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microfocus:dimensions_cm:*:*:*:*:*:jenkins:*:*

Версия от 0.8.17 (включая) до 0.9.3 (включая)

EPSS

Процентиль: 46%

0.00237

Низкий

2.6 Low

CVSS3

5.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8hc6-w44m-wfxf

CVSS3: 2.6

github

больше 2 лет назад

Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin

EPSS

Процентиль: 46%

0.00237

Низкий

2.6 Low

CVSS3

5.7 Medium

CVSS3

Дефекты

NVD-CWE-noinfo