Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2023-29203 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-34197 Vulnerability in maven package org.jenkins-ci.plugins:sauce-ondemand

CVE-2018-3826 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2015-7520 Vulnerability in maven package org.apache.wicket:wicket-core

CVE-2022-46685 Vulnerability in maven package org.jenkins-ci.plugins:gitea

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory