Information Disclosure

2023-07-2221:12:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

jenkins

dimensionsscm

vulnerability

remote attack

authentication

trick

attacker-controlled server

sensitive information

dimensions cm

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

org.jenkins-ci.plugins:dimensionsscm is vulnerable to Information Disclosure. A remote authenticated attacker is able to retrieve a login certificate of a victim via tricking them into using an attacker-controlled Dimensions CM server, resulting in disclosure of sensitive information.

CPENameOperatorVersion
jenkins dimensions pluginle0.8.16
jenkins dimensions pluginle0.8.14
jenkins dimensions pluginle0.9.3
jenkins dimensions pluginle0.8.16
jenkins dimensions pluginle0.8.14
jenkins dimensions pluginle0.9.3

Name	Operator	Version
jenkins dimensions plugin	le	0.8.16
jenkins dimensions plugin	le	0.8.14
jenkins dimensions plugin	le	0.9.3
jenkins dimensions plugin	le	0.8.16
jenkins dimensions plugin	le	0.8.14
jenkins dimensions plugin	le	0.9.3