CVE-2023-24440
Description
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.043
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-24437,CVE-2023-24439,CVE-2023-24440,CVE-2023-24438 are affected in Jenkins - jira-steps 2.0.165 | Windows |
| Vulnerabilities CVE-2023-24437,CVE-2023-24439,CVE-2023-24440,CVE-2023-24438 are affected in Jenkins - jira-steps for Linux 2.0.165 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234