All the vulnerabilities related to Jenkins Project - Jenkins GitHub Pull Request Coverage Status Plugin
cve-2023-24442
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
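Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token, and Sonar password unencrypted in its global configuration file on the Jenkins controller, where they can be viewed by users with access to the Jenkins controller file system. The record below marks versions after 2.2.0 as status "unknown", so it identifies no fixed release; on affected installations, limit who can read the controller file system and rotate any tokens or passwords the plugin has stored.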
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Jenkins GitHub Pull Request Coverage Status Plugin", "vendor": "Jenkins Project", "versions": [ { "lessThanOrEqual": "2.2.0", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unknown", "version": "next of 2.2.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system." } ], "providerMetadata": { "dateUpdated": "2023-10-24T12:48:33.064Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2023-24442", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-23T00:00:00", "dateUpdated": "2024-08-02T10:56:04.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }