CVE-2023-50770 — MEDIUM (6.7)

Q: How severe is CVE-2023-50770?

CVE-2023-50770 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-50770?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Openid.

Vulnerability Description

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jenkins	Openid	<= 2.6

Related Weaknesses (CWE)

CWE-522

References

http://www.openwall.com/lists/oss-security/2023/12/13/4Mailing List
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/12/13/4Mailing List
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168Vendor Advisory

FAQ

What is CVE-2023-50770?

CVE-2023-50770 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Je...

How severe is CVE-2023-50770?

CVE-2023-50770 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-50770?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Openid.