CVE-2023-43494 — Vulnetix

CVE-2023-43494 PUBLISHED

Jenkins LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

EPSS 49.15% · 97.8th percentile

Risk Scores

EPSS Score

49.15%

97.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.50.0
Bitnami	jenkins	2.50.0

Timeline

Sep 20, 2023 CVE Published
Sep 20, 2023 PoC Published
Sep 22, 2023 EPSS Score
Sep 25, 2023 CVE Updated
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 26, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 13, 2025 EPSS Score

References

http://www.openwall.com/lists/oss-security/2023/09/20/5 url
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 url
https://nvd.nist.gov/vuln/detail/CVE-2023-43494 url

Open in Interactive Console →