CVE-2023-4302
published 2023-08-21CVE-2023-4302: A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | blue_ocean_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | docker_swarm_plugin | — | — |
| jenkins | favorite_view_plugin | — | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | folders_plugin | — | — |
| jenkins | fortify | < 22.2.39 | 22.2.39 |
| jenkins | fortify_plugin | — | — |
| jenkins | gogs_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_nodejs_plugin | — | — |
| jenkins | nodejs_plugin | — | — |
| jenkins | shortcut_job_plugin | — | — |
| jenkins | tuleap_authentication_plugin | — | — |
| jenkins_project | jenkins_fortify_plugin | <= 22.1.38 | — |