Vulnerability Description
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Plain Credentials | <= 182.v468b_97b_9dcb_8 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/06/26/2Mailing List
- https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495Vendor Advisory
- http://www.openwall.com/lists/oss-security/2024/06/26/2Mailing List
- https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495Vendor Advisory
FAQ
What is CVE-2024-39459?
CVE-2024-39459 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can b...
How severe is CVE-2024-39459?
CVE-2024-39459 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39459?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Plain Credentials.