Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-all

CVE-2023-23925 Vulnerability in npm package switcher-client

CVE-2021-43841 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2013-0239 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2022-43429 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory