Lucene search
JenkinsCVELIST:CVE-2023-46651HistoryOct 25, 2023 - 1:45 p.m.
CVE-2023-46651
2023-10-2513:45:53
jenkins
www.cve.org
jenkins
warnings plugin
credentials
permission
cve-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Warnings Plugin",
"versions": [
{
"version": "10.5.1",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
},
{
"version": "10.4.1",
"versionType": "maven",
"lessThan": "10.4.*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
]Related
alpinelinux
alpinelinux
CVE-2023-46651
2023-10-25 18:17:39
osv
osv
Jenkins Warnings Plugin exposures system-scoped credentials
2023-10-25 18:32:25
github
github
Jenkins Warnings Plugin exposures system-scoped credentials
2023-10-25 18:32:25
prion
prion
Design/Logic Flaw
2023-10-25 18:17:00
nvd
nvd
CVE-2023-46651
2023-10-25 18:17:39
cve
cve
CVE-2023-46651
2023-10-25 18:17:39
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
2023-10-25 00:00:00