Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentJenkinsVULNRICHMENT:CVE-2024-39459
HistoryJun 26, 2024 - 5:06 p.m.

CVE-2024-39459

2024-06-2617:06:27
jenkins
github.com
4
jenkins
plain credentials plugin
insecure storage

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins Plain Credentials Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "182.v468b_97b_9dcb_8",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

cvelist 1
nvd 1
redhatcve 1
cve 1
osv 1
github 1
nessus 1
cvelist
cvelist
CVE-2024-39459
2024-06-26 17:06:27
nvd
nvd
CVE-2024-39459
2024-06-26 17:15:27
redhatcve
redhatcve
CVE-2024-39459
2024-06-27 04:23:36
cve
cve
CVE-2024-39459
2024-06-26 17:15:27
osv
osv
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
2024-06-26 18:30:28
github
github
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
2024-06-26 18:30:28
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-06-26)
2024-06-26 00:00:00

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for VULNRICHMENT:CVE-2024-39459
cvelist1nvd1redhatcve1cve1osv1github1nessus1