CVE-2023-46653

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2023/10/25/2
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/10/25/2
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:lambdatest-automation:*:*:*:*:*:jenkins:*:*

Версия до 1.21.0 (исключая)

EPSS

Процентиль: 5%

0.00021

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-hpv3-f5p7-pxj9

CVSS3: 2.7

github

больше 2 лет назад

Jenkins lambdatest-automation Plugin may expose Credentials access token

BDU:2023-07306