CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder

Description

Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944

Related Vulnerabilities

CVE-2021-23566 Vulnerability in npm package nanoid

CVE-2020-6458 Vulnerability in npm package electron

CVE-2021-39150 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.avmfritz

CVE-2021-31812 Vulnerability in maven package org.apache.pdfbox:pdfbox

Severity

High

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N