Unprotected storage of credentials in NS-ND Integration Performance Publisher - CVE-2023-33000
Published: May 18, 2023
Vulnerability identifier: #VU76300
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-33000
CWE-ID: CWE-256
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jenkins
Affected software:
NS-ND Integration Performance Publisher
NS-ND Integration Performance Publisher
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the affected plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. A remote attacker can gain access to sensitive information.
How to mitigate CVE-2023-33000
Install updates from vendor's website.