Lucene search

GoogleOSV:GHSA-54CW-RVR3-W6CX

HistoryApr 12, 2023 - 6:30 p.m.

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

2023-04-1218:30:35

Google

osv.dev

jenkins consul kv builder

hashicorp consul acl token

unencrypted

global configuration

jenkins controller

attackers

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.5%

JSON

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration.

This token can be viewed by users with access to the Jenkins controller file system.

Additionally, the global configuration form does not mask the token, increasing the potential for attackers to observe and capture it.

References

www.openwall.com/lists/oss-security/2023/04/13/3

nvd.nist.gov/vuln/detail/CVE-2023-30531

www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.5%

JSON

Related for OSV:GHSA-54CW-RVR3-W6CX