Published on: Not Yet Published
Last Modified on: 02/02/2023 03:43:00 PM UTC
CVE-2023-24437Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Jira Pipeline Steps from Jenkins contain the following vulnerability:
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
- CVE-2023-24437 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Jenkins Project - Jenkins JIRA Pipeline Steps Plugin version <= 2.0.165.v8846cf59f3db
- Affected Vendor/Software: Jenkins Project - Jenkins JIRA Pipeline Steps Plugin version ?> 2.0.165.v8846cf59f3db
CVSS3 Score: 8.8 - HIGH
|Jenkins Security Advisory 2023-01-24|| www.jenkins.io |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
|Application||Jenkins||Jira Pipeline Steps||All||All||All||All|
No vendor comments have been submitted for this CVE
|@CVEreport||CVE-2023-24437 : A cross-site request forgery CSRF vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8… twitter.com/i/web/status/1…||2023-01-26 22:15:24|