CVE-2023-25721

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
veracodeveracode
𝑥
< 23.3.19.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190
https://veracode.com
https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190
https://veracode.com