A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

History

Mon, 18 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Jenkins
Jenkins jenkins
Redhat openshift Developer Tools And Services
CPEs cpe:2.3:a:jenkins:jenkins:-:*:*:*:-:*:*:*
cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
Vendors & Products Jenkins
Jenkins jenkins
Redhat openshift Developer Tools And Services

Tue, 08 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Fri, 04 Jul 2025 08:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.
Title Jenkins-image: sensitive data disclosure when using openshift jenkins image
First Time appeared Redhat
Redhat ocp Tools
Weaknesses CWE-532
CPEs cpe:/a:redhat:ocp_tools
Vendors & Products Redhat
Redhat ocp Tools
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T21:01:29.380Z

Reserved: 2024-10-03T00:24:06.523Z

Link: CVE-2024-9453

Vulnrichment

Updated: 2025-07-08T14:19:36.309Z

NVD

Status: Analyzed

Published: 2025-07-04T09:15:24.537

Modified: 2025-08-18T19:02:46.957

Link: CVE-2024-9453

Redhat

Severity: Moderate

Public Date: 2025-07-04T08:31:29Z

Links: CVE-2024-9453 - Bugzilla

OpenCVE Enrichment

No data.