Unprotected storage of credentials in NS-ND Integration Performance Publisher - CVE-2023-33000

 

Unprotected storage of credentials in NS-ND Integration Performance Publisher - CVE-2023-33000

Published: May 18, 2023


Vulnerability identifier: #VU76300
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-33000
CWE-ID: CWE-256
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
NS-ND Integration Performance Publisher

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the affected plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. A remote attacker can gain access to sensitive information.


How to mitigate CVE-2023-33000

Install updates from vendor's website.

Sources