Home > Vulnerability Database > CVE-2024-39459

Mend.io Vulnerability Database

CVE-2024-39459

Good to know:

Date: June 26, 2024

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global) or with Item/Extended Read permission (folder-scoped credentials).

Language: Java

Severity Score

4.3

Related Resources (6)

Url: https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495

Url: http://www.openwall.com/lists/oss-security/2024/06/26/2

Url: https://github.com/jenkinsci/plain-credentials-plugin

Url: https://github.com/jenkinsci/plain-credentials-plugin/commit/ade8f1dd5a2bc69357995fd50baac56d73f80813

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39459

Url: https://www.mend.io/vulnerability-database/CVE-2024-39459

Severity Score

4.3

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Insecure Storage of Sensitive Information

CWE-922

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:plain-credentials: 183.va_de8f1dd5a_2b_

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39459

Good to know:

Date: June 26, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?