VDB
BIT-jenkins-2023-43494
BIT-jenkins-2023-43494
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Jenkins LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.50.0, 2.50.0, 2.50.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated