Jenkins Maven Artifact CLP Plugin <1.15: insecure credentials via Item/Configure
CVE-2023-40347 Published on August 16, 2023

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

Vendor Advisory NVD

Products Associated with CVE-2023-40347

Want to know whenever a new CVE is published for Jenkins Maven Artifact Choicelistprovider Nexus? stack.watch will email you.

Jenkins Maven Artifact Choicelistprovider Nexus

Affected Versions

Jenkins Project Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin:

Before and including 1.14 is affected.

Exploit Probability

EPSS

0.13%

Percentile

32.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Maven Artifact CLP Plugin <1.15: insecure credentials via Item/ConfigureCVE-2023-40347 Published on August 16, 2023

Products Associated with CVE-2023-40347

Affected Versions

Exploit Probability

Jenkins Maven Artifact CLP Plugin <1.15: insecure credentials via Item/Configure
CVE-2023-40347 Published on August 16, 2023