Vulnerability Description
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Dimensions Cm | >= 0.8.17, < 0.9.3.1 |
Related Weaknesses (CWE)
References
- https://plugins.jenkins.io/dimensionsscm/Product
- https://portal.microfocus.com/s/article/KM000019297Vendor Advisory
- https://www.jenkins.io/security/advisory/2023-06-14/Third Party Advisory
- https://plugins.jenkins.io/dimensionsscm/Product
- https://portal.microfocus.com/s/article/KM000019297Vendor Advisory
- https://www.jenkins.io/security/advisory/2023-06-14/Third Party Advisory
FAQ
What is CVE-2023-32261?
CVE-2023-32261 is a vulnerability with a CVSS score of 4.2 (MEDIUM). A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of cred...
How severe is CVE-2023-32261?
CVE-2023-32261 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32261?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Dimensions Cm.