CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Published: May 16, 2023
Updated: May 10, 2024
CVE: CVE-2023-32982
GHSA: GHSA-38hw-368m-7jmg
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-311

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
org.jenkins-ci.plugins / ansible	-	205.v4cb
jenkins / ansible	-	204.v8191fd551eb_f.x

https://github.com/jenkinsci/ansible-plugin/commit/4cbc48657c21a65a917b3b3049918480198c0cfb
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017

Vulnerability Database

289,599

CVE-2023-32982