CVE-2023-39155 : Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key fo

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.

Published 2023-07-26 14:15:11

Updated 2023-08-01 20:33:14

Source Jenkins Project

View at NVD, CVE.org

Products affected by CVE-2023-39155

Jenkins » Chef Identity » For Jenkins
Versions up to, including, (<=) 2.0.3
cpe:2.3:a:jenkins:chef_identity:*:*:*:*:*:jenkins:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-39155

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-39155

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-39155

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-39155

https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3192

Jenkins Security Advisory 2023-07-26
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/07/26/2

oss-security - Multiple vulnerabilities in Jenkins and Jenkins plugins
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-39155

Products affected by CVE-2023-39155

Exploit prediction scoring system (EPSS) score for CVE-2023-39155

CVSS scores for CVE-2023-39155

CWE ids for CVE-2023-39155

References for CVE-2023-39155