CVE-2024-39459

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Related Vulnerabilities

CVE-2017-16560

MEDIUM
CVSS:4.3(Medium)

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user ...

CWE-9222017

CVE-2019-12825

MEDIUM
CVSS:4.3(Medium)

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups....

CWE-9222019

CVE-2019-13717

MEDIUM
CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2019-13719

MEDIUM
CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2020-26176

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an atta...

CWE-9222020

CVE-2020-29603

MEDIUM
CVSS:4.3(Medium)

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having acce...

CWE-9222020