ID CVE-2023-4302
Summary A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Overall/Read is the lowest Jenkins permission, held by every user who can view the instance (and by anonymous users where it is granted), so any such user can make the controller authenticate to a host they control with a stored credential, and that credential leaves Jenkins in the request.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:fortify:19.1.28:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:19.1.29:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:19.2.30:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:20.1.32:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:20.1.33:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:20.2.34:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:20.2.35:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:21.1.36:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:fortify:21.2.37:*:*:*:*:jenkins:*:*
  Note: the summary covers 22.1.38 and earlier, but the CPE list above ends at 21.2.37, so a scan keyed only on these CPE entries misses at least the last affected release (22.1.38). Treat the summary's version range as authoritative and match on version rather than on the enumerated CPEs alone.
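The two affected-version statements on this page do not agree: the summary says 22.1.38 and earlier, while the CPE list stops at 21.2.37. The script below is an added triage example, not code from the Jenkins project or from the CVE source. It parses the CPE 2.3 entries listed above, compares a plugin version against both the summary's range and the CPE list, and reads the installed version from a constructed sample shaped like Jenkins' pluginManager JSON. The plugin shortName `fortify` is taken from the CPE product field and is assumed to be the installed plugin's id; the version `23.1.0` used at the end is hypothetical.

```python
"""Affected-version triage for CVE-2023-4302 (Jenkins Fortify Plugin).

Added example; not code from the Jenkins project or from the CVE source.
Inputs are the affected-range statement from the summary ("22.1.38 and
earlier") and the CPE 2.3 entries listed on the page. The plugin-manager
JSON is a constructed sample shaped like Jenkins' /pluginManager/api/json
output, not a capture from a real instance.
"""
import json
import re
from typing import Optional

# Upper bound of the affected range as stated in the CVE summary.
AFFECTED_MAX_VERSION = "22.1.38"

# CPE 2.3 entries as listed under "Vulnerable Configurations" (deduplicated).
CPE_ENTRIES = [
    "cpe:2.3:a:jenkins:fortify:19.1.28:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:19.1.29:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:19.2.30:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:20.1.32:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:20.1.33:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:20.2.34:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:20.2.35:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:21.1.36:*:*:*:*:jenkins:*:*",
    "cpe:2.3:a:jenkins:fortify:21.2.37:*:*:*:*:jenkins:*:*",
]

# Constructed sample; the plugin id "fortify" is assumed from the CPE product field.
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "credentials", "version": "1234.v0123456789ab", "active": True},
        {"shortName": "fortify", "version": "22.1.38", "active": True},
    ]
})

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def parse_version(version: str) -> tuple:
    """Turn a plugin version into a tuple that compares the way Maven orders releases.

    Numeric components compare as integers ("22.1.38" > "22.1.9"), and a
    pre-release suffix such as "-SNAPSHOT" sorts before the bare release of
    the same number.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unparseable plugin version: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    suffix = match.group(2).lstrip("-.")
    return (numbers, 0 if suffix else 1, suffix)


def cpe_version(cpe: str) -> str:
    """Return the version field of a CPE 2.3 formatted string (field 6 of 13)."""
    fields = cpe.split(":")
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return fields[5]


def is_affected_by_summary(version: str) -> bool:
    """True when the version falls inside "22.1.38 and earlier"."""
    return parse_version(version) <= parse_version(AFFECTED_MAX_VERSION)


def is_listed_in_cpes(version: str) -> bool:
    """True when the exact version appears in the page's CPE list."""
    target = parse_version(version)
    return any(parse_version(cpe_version(cpe)) == target for cpe in CPE_ENTRIES)


def triage(plugin_manager_json: str, short_name: str = "fortify") -> Optional[dict]:
    """Find the plugin in pluginManager JSON and report both verdicts.

    Returns None if the plugin is not installed. A version that is affected
    per the summary but absent from the CPE list is exactly the case a
    CPE-only scanner would miss.
    """
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == short_name:
            version = plugin["version"]
            return {
                "version": version,
                "affected_per_summary": is_affected_by_summary(version),
                "listed_in_cpe": is_listed_in_cpes(version),
            }
    return None


if __name__ == "__main__":
    print(triage(SAMPLE_PLUGIN_MANAGER_JSON))
    # "23.1.0" is a hypothetical version above the stated bound, shown only for contrast.
    for candidate in ("21.2.37", "22.1.38", "23.1.0"):
        print(candidate, is_affected_by_summary(candidate), is_listed_in_cpes(candidate))
```

Against a real controller, replace the constructed JSON with the body of `/pluginManager/api/json?depth=1` fetched with an account that has the permission to read plugin metadata; the verdict logic is unchanged. The version parser deliberately orders a `-SNAPSHOT` build below its release so a pre-release of 22.1.38 is still flagged as affected.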
CVSS
Base: None (no CVSS score or vector is recorded for this entry)
Impact: not recorded
Exploitability: not recorded
CWE CWE-862 (Missing Authorization)
CAPEC: none listed
Access (Vector / Complexity / Authentication): not recorded
Impact (Confidentiality / Integrity / Availability): not recorded
Last major update 24-08-2023 - 21:36
Published 21-08-2023 - 23:15
Last modified 24-08-2023 - 21:36