CVE-2023-24450

Description

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Related CPE's

ajenkinsview-cloner1.1****jenkins**

ajenkinsview-cloner1.0****jenkins**

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io