Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774

Related Vulnerabilities

CVE-2018-3827 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2011-2204 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-2232 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2017-1000390 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-multijob-plugin

CVE-2022-26850 Vulnerability in maven package org.apache.nifi:nifi-single-user-utils

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory