Lucene search

[email protected]NVD:CVE-2023-24433

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24433

2023-01-2621:18:17

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-24433

jenkins orka

macstadium plugin

permission checks

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.1%

JSON

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

Nvd

Node

jenkinsorka_by_macstadiumRange<1.32jenkins

VendorProductVersionCPE
jenkinsorka_by_macstadium*cpe:2.3:a:jenkins:orka_by_macstadium:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	orka_by_macstadium	*	cpe:2.3:a:jenkins:orka_by_macstadium::::::jenkins::*

References

www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20%282%29

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.1%

JSON

Related for NVD:CVE-2023-24433

cvelist1 cve1 prion1 github1 osv1 nessus2