CVE-2023-40347

2023-08-16 15:15:12
CWE-522
web.nvd.nist.gov

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.0005 Low
Percentile: 18.3%

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Affected configurations

NVD
Node
jenkins maven_artifact_choicelistprovider_\(nexus\), Range: 1.14, jenkins

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "1.14",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]
