CVE-2023-50770
Vexday Risk Score
3 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS — · EPSS 0.3% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
13 Dec 2023: Published in NVD
Recommendation: Monitor; no sign of exploitation at this time.
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
Affected products
Jenkins Project · Jenkins OpenId Connect Authentication Plugin