Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2011-4838 Vulnerability in maven package org.jruby:jruby

CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-script

CVE-2010-2276 Vulnerability in npm package dojo

CVE-2020-2189 Vulnerability in maven package org.jenkins-ci.plugins:scm-filter-jervis

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-realm-ldap

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory