Vulnerability Details : CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.

Published 2023-04-12 18:15:12

Updated 2023-04-20 21:58:37

Source Jenkins Project

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-30528

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-30528

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-30528

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Assigned by: [email protected] (Primary)

References for CVE-2023-30528

http://www.openwall.com/lists/oss-security/2023/04/13/3

Mailing List;Third Party Advisory

CVEs referencing this url
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2992

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2023-30528

Jenkins » Wso2 Oauth » For Jenkins
Versions up to, including, (<=) 1.0
cpe:2.3:a:jenkins:wso2_oauth:*:*:*:*:*:jenkins:*:*
Matching versions