CVE-2023-46651

EUVD-2023-2668
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
jenkinswarnings
𝑥
≤ 10.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/10/25/2
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265
http://www.openwall.com/lists/oss-security/2023/10/25/2
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265