SB2023051848 - Unprotected storage of credentials in Jenkins NS-ND Integration Performance Publisher plugin

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023051848

SB2023051848 - Unprotected storage of credentials in Jenkins NS-ND Integration Performance Publisher plugin

Published: May 18, 2023

Security Bulletin ID SB2023051848
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Unprotected storage of credentials (CVE-ID: CVE-2023-33000)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the affected plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. A remote attacker can gain access to sensitive information.


Remediation

Install update from vendor's website.

References