#VU98066 Information disclosure in Credentials - CVE-2024-47805

 


Published: October 7, 2024


Vulnerability identifier: #VU98066
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-47805
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Credentials
Software vendor: Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected plugin does not redact encrypted values of credentials that use the "SecretBytes" type when an item's config.xml is accessed via the REST API or CLI. A remote user can gain unauthorized access to sensitive information on the system.


Remediation

Install updates from vendor's website.
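
A check an administrator could run after updating, added here as an example and not taken from the advisory or from Jenkins: it scans an item config.xml (as returned to a low-privilege account) for element values that still look like serialized SecretBytes. The brace-wrapped base64 form, the element names and the sample documents are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumption: a serialized SecretBytes value is base64 text wrapped in braces.
SECRET_BYTES = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml.*?\?>", re.S)


def find_unredacted(config_xml: str):
    """Return (element path, decoded length) for each brace-wrapped base64 value.

    The value itself is never returned, so the findings are safe to log.
    """
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        match = SECRET_BYTES.match((elem.text or "").strip())
        if match and len(elem) == 0:  # leaf elements only
            try:
                raw = base64.b64decode(match.group(1), validate=True)
            except ValueError:  # brace-wrapped but not valid base64
                raw = b""
            if raw:
                findings.append((here, len(raw)))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(XML_DECL.sub("", config_xml, count=1)), "")
    return findings


# Constructed samples: element names and the blob are illustrative, not real data.
_BLOB = "{" + base64.b64encode(bytes(range(48))).decode() + "}"
EXPOSED = f"""<?xml version='1.1' encoding='UTF-8'?>
<folder><properties><credentials>
  <fileCredential><id>deploy-key</id>
    <secretBytes>{_BLOB}</secretBytes></fileCredential>
</credentials></properties></folder>"""
REDACTED = EXPOSED.replace(_BLOB, "<secret-redacted/>")

if __name__ == "__main__":
    for label, doc in (("exposed", EXPOSED), ("redacted", REDACTED)):
        print(label, find_unredacted(doc))
```

An empty result for every item visible to the test account indicates the values are being redacted; any finding names the element to investigate without echoing the ciphertext.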
