VDB

CISA-2023-40347

CISA-2023-40347 PUBLISHED

Reported by jenkins · Published August 16, 2023

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Affected Products

VendorProductVersions
Jenkins ProjectJenkins Maven Artifact ChoiceListProvider (Nexus) Plugin0
Jenkins ProjectJenkins Maven Artifact ChoiceListProvider (Nexus) Plugin0, 0

Timeline

  • Aug 16, 2023 CVE Published
  • Oct 8, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›