CVE-2023-24440

CWE-319Cleartext Transmission5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Jira Pipeline Steps PluginJenkins Jira Pipeline Steps
Timeline
PublishedJan 26

Description

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_jira_pipeline_steps_pluginunspecified2.0.165.v8846cf59f3db
NVDjenkins/jira_pipeline_steps2.0.165.v8846cf59f3db
Mavenorg.jenkins-ci.plugins:jira-steps2.0.165.v8846cf59f3db

🔴Vulnerability Details

3
OSV
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin2023-01-26
GHSA
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin2023-01-26
CVEList
CVE-2023-24440: Jenkins JIRA Pipeline Steps Plugin 22023-01-24

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-01-242023-01-24
CVE-2023-24440 (MEDIUM CVSS 5.5) | Jenkins JIRA Pipeline Steps Plugin | cvebase.io