Main Vulnerability Database Vulnerabilities #VU71548

#VU71548 Cleartext storage of sensitive information in GitHub Pull Request Coverage Status - CVE-2023-24442

Published: January 26, 2023

Vulnerability identifier: #VU71548

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-24442

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
GitHub Pull Request Coverage Status

Software vendor:
Jenkins

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file com.github.terma.jenkins.githubprcoveragestatus.Configuration.xml. A local user can gain access to these credentials.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://jenkins.io/security/advisory/2023-01-24/

#VU71548 Cleartext storage of sensitive information in GitHub Pull Request Coverage Status - CVE-2023-24442

Description

Remediation

External links

Please verify you're human