CVE-2023-24454

CWE-312Cleartext Storage of Sensitive InfoCWE-2565 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Testquality Updater PluginJenkins Testquality Updater
Timeline
PublishedJan 26

Description

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin2023-01-26
GHSA
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin2023-01-26
CVEList
CVE-2023-24454: Jenkins TestQuality Updater Plugin 12023-01-24

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-01-242023-01-24