CVE-2023-24439
First published: Tue Jan 24 2023(Updated: )
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins | <=2.0.165.v8846cf59f3db |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-24439?
CVE-2023-24439 is categorized as a high severity vulnerability due to the exposure of private keys in Jenkins.
How do I fix CVE-2023-24439?
To fix CVE-2023-24439, update the Jenkins JIRA Pipeline Steps Plugin to version 2.0.166 or later.
What are the risks associated with CVE-2023-24439?
The risks include unauthorized access to sensitive private keys that could lead to further system compromises.
Who is affected by CVE-2023-24439?
Users of the Jenkins JIRA Pipeline Steps Plugin version 2.0.165.v8846cf59f3db and earlier are affected.
What is the nature of the vulnerability in CVE-2023-24439?
CVE-2023-24439 involves the unencrypted storage of private keys in the global configuration file on the Jenkins controller.
- collector/mitre-cve
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/description
- vendor/jenkins
- canonical/jenkins
- version/jenkins/2.0.165.v8846cf59f3db