CVE-2023-30528
First published: Wed Apr 12 2023(Updated: )
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=1.0 | ||
| Jenkins Wso2 Oauth | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-30528?
CVE-2023-30528 is considered a medium severity vulnerability due to its potential to expose sensitive credentials.
How do I fix CVE-2023-30528?
To fix CVE-2023-30528, it is recommended to upgrade the WSO2 Oauth Plugin to version 1.1 or later.
What does CVE-2023-30528 affect?
CVE-2023-30528 affects Jenkins WSO2 Oauth Plugin versions 1.0 and earlier.
What kind of information is exposed in CVE-2023-30528?
CVE-2023-30528 exposes the WSO2 Oauth client secret on the global configuration form.
Is there a workaround for CVE-2023-30528?
There are no officially documented workarounds for CVE-2023-30528; upgrading the plugin is the recommended solution.
- collector/nvd-index
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/jenkins
- canonical/jenkins wso2 oauth
- version/jenkins wso2 oauth/1.0