What is CVE-2023-3442?

CVE-2023-3442 is a missing authorization vulnerability in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1.

How severe is CVE-2023-3442?

CVE-2023-3442 has a severity rating of 7.7 (high).

What is the affected software for CVE-2023-3442?

The affected software for CVE-2023-3442 includes versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1.

How can I fix CVE-2023-3442?

To fix CVE-2023-3442, you need to apply version 1.38.1 of the Jenkins plug-in for ServiceNow DevOps.

What is the Common Weakness Enumeration (CWE) for CVE-2023-3442?

The Common Weakness Enumeration (CWE) for CVE-2023-3442 is CWE-862.

Vulnerability/
CVE-2023-3442

high

7.7

CWE

862

26/7/2023

15/10/2024

CVE-2023-3442: Missing Authorization in Jenkins plug-in for ServiceNow DevOps

First published: Wed Jul 26 2023(Updated: )

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

Credit: psirt@servicenow.com psirt@servicenow.com psirt@servicenow.com

Affected Software	Affected Version	How to fix
Jenkins Servicenow Devops	<1.38.1

Never miss a vulnerability like this again

Reference Links

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1434119

Frequently Asked Questions

What is CVE-2023-3442?
CVE-2023-3442 is a missing authorization vulnerability in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1.
How severe is CVE-2023-3442?
CVE-2023-3442 has a severity rating of 7.7 (high).
What is the affected software for CVE-2023-3442?
The affected software for CVE-2023-3442 includes versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1.
How can I fix CVE-2023-3442?
To fix CVE-2023-3442, you need to apply version 1.38.1 of the Jenkins plug-in for ServiceNow DevOps.
What is the Common Weakness Enumeration (CWE) for CVE-2023-3442?
The Common Weakness Enumeration (CWE) for CVE-2023-3442 is CWE-862.

collector/github-advisory-latest
alias/GHSA-cj2x-r74q-vcx9
alias/CVE-2023-3442
collector/github-advisory
collector/nvd-api
collector/nvd-latest
collector/nvd-index
collector/nvd-cve
agent/type
agent/references
agent/softwarecombine
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/tags
agent/first-publish-date
agent/event
package-manager/maven
vendor/jenkins
canonical/jenkins servicenow devops

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.