1. Home
  2. Vulnerabilities
  3. CVE-2023-43494

CVE-2023-43494

CVSS v3.1 4.3 (Medium)
43% Progress
EPSS 0.05 % (19th)
0.05% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2023-09-20 17:15:11
(12 months ago)
Updated Date
2023-09-25 13:43:35
(11 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins from 2.50 version and prior 2.424 version cpe:2.3:a:jenkins:jenkins::*:*:*:- >= 2.50 < 2.424
  Jenkins from 2.60.1 version and prior 2.414.2 version cpe:2.3:a:jenkins:jenkins::*:*:*:lts >= 2.60.1 < 2.414.2