CVE-2023-37951
published 2023-07-12CVE-2023-37951: Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | assembla_auth_plugin | — | — |
| jenkins | benchmark_evaluator_plugin | — | — |
| jenkins | datadog_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | mabl | <= 0.0.46 | — |
| jenkins | macstadium_plugin | — | — |
| jenkins | mathworks_polyspace_plugin | — | — |
| jenkins | openshift_login_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_plugin | — | — |
| jenkins | orka_by_macstadium_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | sumologic_publisher_plugin | — | — |
| jenkins | test_results_aggregator_plugin | — | — |
| jenkins_project | jenkins_mabl_plugin | <= 0.0.46 | — |