CVE-2023-37951
First published: Wed Jul 12 2023(Updated: )
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Mabl | <=0.0.46 | |
| maven/com.mabl.integration.jenkins:mabl-integration | <0.0.47 | 0.0.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Jenkins mabl Plugin vulnerability?
The vulnerability ID for this Jenkins mabl Plugin vulnerability is CVE-2023-37951.
What is the severity of CVE-2023-37951?
CVE-2023-37951 has a severity of medium.
How does this Jenkins mabl Plugin vulnerability allow attackers to access credentials?
This vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.
What is the affected version of the Jenkins mabl Plugin?
The affected version of the Jenkins mabl Plugin is 0.0.46 and earlier.
How can I fix this vulnerability in Jenkins mabl Plugin?
To fix this vulnerability, update the Jenkins mabl Plugin to version 0.0.47 or later.
- collector/nvd-api
- collector/nvd-latest
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-4c3q-r84r-q6pp
- alias/CVE-2023-37951
- collector/github-advisory
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins mabl
- version/jenkins mabl/0.0.46
- package-manager/maven