Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2017-3159 Vulnerability in maven package org.apache.camel:camel-snakeyaml

CVE-2023-26475 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2017-2604 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2015-5241 Vulnerability in maven package org.apache.juddi:juddi-client

CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory