Search a vulnerability

All the vulnerabilites related to Jenkins Project - Jenkins view-cloner Plugin

cve-2023-24450

Vulnerability from cvelistv5

Published

2023-01-24 00:00

Modified

2024-08-02 10:56

Severity ?

Summary

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

References

▼	URL	Tags
	https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787

Impacted products

▼	Vendor	Product
	Jenkins Project	Jenkins view-cloner Plugin

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:03.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins view-cloner Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThanOrEqual": "1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T12:48:42.431Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2023-24450",
    "datePublished": "2023-01-24T00:00:00",
    "dateReserved": "2023-01-23T00:00:00",
    "dateUpdated": "2024-08-02T10:56:03.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}