VDB

BIT-jenkins-2023-43494

BIT-jenkins-2023-43494 PUBLISHED CVSS 4.300000190734863 MEDIUM

Jenkins LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Bitnamijenkins2.50.0, 2.50.0, 2.50.0

Timeline

  • Mar 6, 2024 CVE Published
  • Apr 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›