CVE-2023-3414

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 6.5

EPSS Низкий

Описание

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

Ссылки

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434118
Third Party Advisory
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434118
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:servicenow_devops:*:*:*:*:*:jenkins:*:*

Версия до 1.38.1 (исключая)

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-rchx-rvh2-vx5j

CVSS3: 6.1

github

больше 2 лет назад

Credential leakage in Jenkins Plug-in for ServiceNow

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-352