CVE-2024-9453 — Vulnetix

CVE-2024-9453 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

EPSS 0.27% · 50.4th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.27%

50.4th percentile

Affected Products

Vendor	Product	Versions
Jenkins	openshift-sync-plugin	0
jenkins	jenkins
Red Hat	OpenShift Developer Tools and Services

Timeline

Jul 4, 2025 EPSS Score
Jul 4, 2025 Coalition ESS Score
Jul 4, 2025 CVE Published
Jul 9, 2025 Coalition ESS Score
Jul 14, 2025 EPSS Score
Jul 23, 2025 EPSS Score
Aug 2, 2025 EPSS Score
Aug 11, 2025 EPSS Score
Aug 18, 2025 Coalition ESS Score
Aug 21, 2025 EPSS Score
Aug 31, 2025 EPSS Score
Sep 9, 2025 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2024-9453 vdb
RHBZ#2316231 issue
https://nvd.nist.gov/vuln/detail/CVE-2024-9453 advisory

Open in Interactive Console →