What is the severity of CVE-2023-40347?

CVE-2023-40347 has a severity rating of 6.5 (Medium).

What is the affected software for CVE-2023-40347?

The affected software for CVE-2023-40347 is Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin version 1.14 and earlier.

How does CVE-2023-40347 impact the credentials lookup in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin?

CVE-2023-40347 does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials reserved for the global configuration.

What can an attacker with Item/Configure permission do in relation to CVE-2023-40347?

An attacker with Item/Configure permission can access and misuse System-scoped credentials in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin.

Vulnerability/
CVE-2023-40347

medium

6.5

CWE

522

16/8/2023

8/10/2024

CVE-2023-40347

Q: What is the vulnerability ID for Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin?

The vulnerability ID for Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin is CVE-2023-40347.

First published: Wed Aug 16 2023(Updated: )

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins Maven Artifact Choicelistprovider \(nexus\)	<=1.14
maven/org.jenkins-ci.plugins:maven-artifact-choicelistprovider	<=1.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin?
The vulnerability ID for Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin is CVE-2023-40347.
What is the severity of CVE-2023-40347?
CVE-2023-40347 has a severity rating of 6.5 (Medium).
What is the affected software for CVE-2023-40347?
The affected software for CVE-2023-40347 is Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin version 1.14 and earlier.
How does CVE-2023-40347 impact the credentials lookup in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin?
CVE-2023-40347 does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials reserved for the global configuration.
What can an attacker with Item/Configure permission do in relation to CVE-2023-40347?
An attacker with Item/Configure permission can access and misuse System-scoped credentials in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin.

collector/nvd-api
collector/nvd-index
collector/nvd-cve
collector/github-advisory-latest
alias/GHSA-97mg-9jhf-r7rm
alias/CVE-2023-40347
collector/github-advisory
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
agent/author
agent/weakness
agent/severity
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
vendor/jenkins
canonical/jenkins maven artifact choicelistprovider \(nexus\)
version/jenkins maven artifact choicelistprovider \(nexus\)/1.14
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.