Home > Vulnerability Database > CVE-2023-25721

Mend.io Vulnerability Database

CVE-2023-25721

Good to know:

Date: March 27, 2023

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.

Language: Java

Severity Score

6.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25721

Url: https://github.com/jenkinsci/veracode-scan-plugin

Url: https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190

Url: https://community.veracode.com/s/spotlight/frequently-asked-questions-for-cve-2023-25721-and-cve-2023-25722-MCFT34TH6OGRFR7F7JGDQQP4TNZE

Url: https://veracode.com

Url: https://www.mend.io/vulnerability-database/CVE-2023-25721

Severity Score

6.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version com.veracode.jenkins:veracode-scan:23.3.19.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25721

Good to know:

Date: March 27, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?