Lucene search
Redhat.comRH:CVE-2023-43494HistorySep 22, 2023 - 11:54 a.m.
CVE-2023-43494
2023-09-2211:54:46
redhat.com
access.redhat.com
9
cve-2023-43494
jenkins flaw
sensitive build variables
build history widget
remote attacker
authenticated
further attacks
0.0004 Low
EPSS
Percentile
13.0%
A flaw was found in Jenkins weekly and LTS caused by not excluding sensitive build variables when filtering builds in the build history widget. By sending a specially crafted request, a remote, authenticated attacker could obtain values of sensitive variables used in builds and use this information to launch further attacks against the affected system.
Related
veracode
veracode
Sensitive Information Exposure
2023-09-25 08:27:28
cve
cve
CVE-2023-43494
2023-09-20 17:15:11
osv
osv
BIT-jenkins-2023-43494
2024-03-06 10:55:02
Jenkins does not exclude sensitive build variables from search
2023-09-20 18:30:21
CVE-2023-43494
2023-09-20 17:15:11
github
github
Jenkins does not exclude sensitive build variables from search
2023-09-20 18:30:21
alpinelinux
alpinelinux
CVE-2023-43494
2023-09-20 17:15:11
prion
prion
Code injection
2023-09-20 17:15:00
cvelist
cvelist
CVE-2023-43494
2023-09-20 16:06:08
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00