CVE-2024-47805
published 2024-10-02CVE-2024-47805: Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | credentials | < 1371.1373.v4eb_fa_b_7161e9 | 1371.1373.v4eb_fa_b_7161e9 |
| jenkins | credentials | >= 1371.vfee6b_095f0a_3 < 1380.va_435002fa_924 | 1380.va_435002fa_924 |
| jenkins | credentials_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | plain_credentials_plugin | — | — |
| jenkins_project | jenkins_credentials_plugin | <= 1380.va_435002fa_924 | — |