CVE-2023-30528 — Cleartext Storage of Sensitive Info in Project Jenkins Wso2 Oauth Plugin

CWE-312 — Cleartext Storage of Sensitive Info5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 41.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Wso2 Oauth Plugin Jenkins Wso2 Oauth

Timeline

PublishedApr 12

Description

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_wso2_oauth_plugin1.0

▶NVDjenkins/wso2_oauth1.0

🔴Vulnerability Details

CVEList

CVE-2023-30528: Jenkins WSO2 Oauth Plugin 1↗2023-04-12

▶

GHSA

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form↗2023-04-12

▶

OSV

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form↗2023-04-12

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-04-12↗2023-04-12

▶