Lucene search

[email protected]NVD:CVE-2023-25766

HistoryFeb 15, 2023 - 2:15 p.m.

CVE-2023-25766

2023-02-1514:15:13

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-25766

jenkins

azure credentials plugin

permission check

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected configurations

Nvd

Node

jenkinsazure_credentialsRange<254.v64da_8176c83ajenkins

VendorProductVersionCPE
jenkinsazure_credentials*cpe:2.3:a:jenkins:azure_credentials:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	azure_credentials	*	cpe:2.3:a:jenkins:azure_credentials::::::jenkins::*

References

www.openwall.com/lists/oss-security/2023/02/15/4

www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1757

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.8%

JSON

Related for NVD:CVE-2023-25766

github1 osv1 cvelist1 prion1 cve1 alpinelinux1 nessus1