CVE-2023-32263 Dimensions CM Plugin for Jenkins 0.8.17 â€“ 0.9.3

2023-07-1915:56:46

OpenText

www.cve.org

vulnerability

micro focus

dimensions cm plugin

jenkins

authenticated user

attacker-controlled server

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.1%

JSON

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials.

https://www.jenkins.io/security/advisory/2023-06-14/

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dimensions CM",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "0.9.3",
        "status": "affected",
        "version": "0.8.17",
        "versionType": "semver"
      }
    ]
  }
]