CVE-2023-50772

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 13, 2023
Updated: Dec 18, 2023
CWE ID 312

Summary

CVE-2023-50772 is a vulnerability in the Jenkins Dingding JSON Pusher Plugin, versions 2.0 and earlier. The plugin stores access tokens unencrypted in job config.xml files on the Jenkins controller, so users with Item/Extended Read permission, or with access to the Jenkins controller file system, can view these tokens. To remediate this vulnerability, it is recommended to update the plugin to a version that encrypts the access tokens or to remove the unencrypted tokens from the job config.xml files manually. The vulnerability is rated medium, with a base severity score of 4.3 out of 10.
