Jenkins Cisco Spark Notifier Plugin 1.1.1: Credential ID Leak
CVE-2023-24451 Published on January 26, 2023

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

NVD

Products Associated with CVE-2023-24451

Want to know whenever a new CVE is published for Jenkins Cisco Spark? stack.watch will email you.

Jenkins Cisco Spark

Affected Versions

Jenkins Project Jenkins Cisco Spark Notifier Plugin:

Version unspecified, <= 1.1.1 is affected.
Version next of 1.1.1 and below unspecified is unknown.

Exploit Probability

EPSS

0.31%

Percentile

53.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Cisco Spark Notifier Plugin 1.1.1: Credential ID LeakCVE-2023-24451 Published on January 26, 2023

Products Associated with CVE-2023-24451

Affected Versions

Exploit Probability

Jenkins Cisco Spark Notifier Plugin 1.1.1: Credential ID Leak
CVE-2023-24451 Published on January 26, 2023