Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43366
HistorySep 25, 2023 - 8:27 a.m.

Sensitive Information Exposure

2023-09-2508:27:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
jenkins-core
sensitive information exposure
historypagefilter.java
build variables
item/read permission

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

18.6%

jenkins-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to the fitsSearchBuildVariables method in HistoryPageFilter.java. This method handles all build variables the same way without considering it’s sensitivity which can lead attackers with Item/Read permission to obtain sensitive variables values used in builds.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

18.6%