Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-39459
HistoryJun 26, 2024 - 5:15 p.m.

CVE-2024-39459

2024-06-2617:15:27
[email protected]
web.nvd.nist.gov
12
jenkins
plain credentials plugin
secret file credentials
unencrypted
file system
global credentials
item/extended read permission

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins Plain Credentials Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "182.v468b_97b_9dcb_8",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

vulnrichment 1
cvelist 1
nvd 1
redhatcve 1
osv 1
github 1
nessus 1
vulnrichment
vulnrichment
CVE-2024-39459
2024-06-26 17:06:27
cvelist
cvelist
CVE-2024-39459
2024-06-26 17:06:27
nvd
nvd
CVE-2024-39459
2024-06-26 17:15:27
redhatcve
redhatcve
CVE-2024-39459
2024-06-27 04:23:36
osv
osv
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
2024-06-26 18:30:28
github
github
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
2024-06-26 18:30:28
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-06-26)
2024-06-26 00:00:00

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2024-39459
vulnrichment1cvelist1nvd1redhatcve1osv1github1nessus1