CVE-2023-30527
First published: Wed Apr 12 2023(Updated: )
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=1.0 | ||
| Jenkins Wso2 Oauth | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-30527?
CVE-2023-30527 has been classified as a high-severity vulnerability due to the unencrypted storage of sensitive client secrets.
How do I fix CVE-2023-30527?
To fix CVE-2023-30527, upgrade the WSO2 Oauth Plugin to a version later than 1.0 where the client secret is stored securely.
What are the risks associated with CVE-2023-30527?
The risks associated with CVE-2023-30527 include potential exposure of the WSO2 Oauth client secret to unauthorized users, leading to account compromise.
Which versions of the WSO2 Oauth Plugin are affected by CVE-2023-30527?
CVE-2023-30527 affects WSO2 Oauth Plugin version 1.0 and earlier.
Where is the WSO2 Oauth client secret stored in CVE-2023-30527?
In CVE-2023-30527, the WSO2 Oauth client secret is stored unencrypted in the global config.xml file on the Jenkins controller.
- collector/nvd-index
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/jenkins
- canonical/jenkins wso2 oauth
- version/jenkins wso2 oauth/1.0