CVE-2023-4302 - Vulnerability Details - OpenCVE

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Jenkins	Fortify

Configuration 1 [-]

cpe:2.3:a:jenkins:fortify:*:*:*:*:*:jenkins:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2209	A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Github GHSA	GHSA-4xmf-344q-m4cc	Jenkins Fortify Plugin missing permission check

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115

History

Tue, 01 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2023-08-21T22:34:30.865Z

Updated: 2024-10-01T17:51:46.341Z

Reserved: 2023-08-10T21:31:10.324Z

Link: CVE-2023-4302

Vulnrichment

Updated: 2024-08-02T07:24:04.695Z

NVD

Status : Modified

Published: 2023-08-21T23:15:09.247

Modified: 2024-11-21T08:34:49.190

Link: CVE-2023-4302

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4302", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-08-10T21:31:10.324Z", "datePublished": "2023-08-21T22:34:30.865Z", "dateUpdated": "2024-10-01T17:51:46.341Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Jenkins Fortify Plugin", "vendor": "Jenkins Project", "versions": [{"lessThanOrEqual": "22.1.38", "status": "affected", "version": "0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Alvaro Mu\u00f1oz (@pwntester), GitHub Security Lab"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kevin Guerroudj, CloudBees, Inc."}], "datePublic": "2023-08-16T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.</p>"}], "value": "A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-08-21T22:34:30.865Z"}, "references": [{"name": "Jenkins Security Advisory 2023-08-16", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing permission checks in Fortify Plugin allow capturing credentials", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.695Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-08-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-01T17:46:36.772591Z", "id": "CVE-2023-4302", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T17:51:46.341Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115", "name": "Jenkins Security Advisory 2023-08-16", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.695Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4302", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-01T17:46:36.772591Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T17:51:41.614Z"}}], "cna": {"title": "Missing permission checks in Fortify Plugin allow capturing credentials", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Alvaro Mu\u00f1oz (@pwntester), GitHub Security Lab"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kevin Guerroudj, CloudBees, Inc."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Fortify Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "22.1.38"}], "defaultStatus": "unaffected"}], "datePublic": "2023-08-16T07:00:00.000Z", "references": [{"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115", "name": "Jenkins Security Advisory 2023-08-16", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-08-21T22:34:30.865Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4302", "state": "PUBLISHED", "dateUpdated": "2024-10-01T17:51:46.341Z", "dateReserved": "2023-08-10T21:31:10.324Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2023-08-21T22:34:30.865Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:fortify:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "01FD7885-6F4B-49B8-AEA6-CC12328387EA", "versionEndExcluding": "22.2.39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.\n\n"}, {"lang": "es", "value": "La falta de comprobaci\u00f3n de permisos en Jenkins Fortify Plugin 22.1.38 y anteriores permite a los atacantes con permiso Overall/Read conectarse a una URL especificada por el atacante utilizando ID de credenciales especificadas por el atacante obtenidas a trav\u00e9s de otro m\u00e9todo, capturando credenciales almacenadas en Jenkins."}], "id": "CVE-2023-4302", "lastModified": "2024-11-21T08:34:49.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-21T23:15:09.247", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3115"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}