Lucene search
JenkinsVULNRICHMENT:CVE-2023-46651HistoryOct 25, 2023 - 1:45 p.m.
CVE-2023-46651
2023-10-2513:45:53
jenkins
github.com
jenkins warnings plugin
credentials lookup
unauthorized access
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
21.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
Related
prion
prion
Design/Logic Flaw
2023-10-25 18:17:00
cvelist
cvelist
CVE-2023-46651
2023-10-25 13:45:53
nvd
nvd
CVE-2023-46651
2023-10-25 18:17:39
github
github
Jenkins Warnings Plugin exposures system-scoped credentials
2023-10-25 18:32:25
osv
osv
Jenkins Warnings Plugin exposures system-scoped credentials
2023-10-25 18:32:25
alpinelinux
alpinelinux
CVE-2023-46651
2023-10-25 18:17:39
cve
cve
CVE-2023-46651
2023-10-25 18:17:39
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
2023-10-25 00:00:00
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
21.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-46651