CVE-2023-3442

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 7.7

CVSS3: 7.5

EPSS Низкий

Описание

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

Ссылки

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434119
Third Party Advisory
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434119
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:servicenow_devops:*:*:*:*:*:jenkins:*:*

Версия до 1.38.1 (исключая)

EPSS

Процентиль: 9%

0.00033

Низкий

7.7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-cj2x-r74q-vcx9

CVSS3: 7.7

github

больше 2 лет назад

Missing authorization in Jenkins Plug-in for ServiceNow

EPSS

Процентиль: 9%

0.00033

Низкий

7.7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862