CVE-2023-40345 — Insufficiently Protected Credentials in Project Jenkins Delphix Plugin

CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Delphix Plugin Jenkins Delphix

Timeline

PublishedAug 16

Description

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_delphix_plugin3.0.2

▶NVDjenkins/delphix3.0.2

🔴Vulnerability Details

OSV

Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials↗2023-08-16

▶

CVEList

CVE-2023-40345: Jenkins Delphix Plugin 3↗2023-08-16

▶

GHSA

Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials↗2023-08-16

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-08-16↗2023-08-16

▶