CVE-2023-32983

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
jenkinsansible
𝑥
≤ 204.v8191fd551eb_f
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017