VDB
CISA-2023-40347
CISA-2023-40347
PUBLISHED
Reported by jenkins · Published August 16, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins Project | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin | 0 |
| Jenkins Project | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin | 0, 0 |
Timeline
- Aug 16, 2023 CVE Published
- Oct 8, 2024 CVE Updated
References
- Jenkins Security Advisory 2023-08-16 vendor-advisory