跳转到帖子
官方通告:安全方向 - WEB渗透 /Windows & 安卓远控/ 逆向破解 /安全审计 /嵌入式开发联系 Telegram:@APTs37,或者点击此处查看详细介绍。收SHELL、出SHELL。劫持合作。

Jenkins Advisory 2024-10-02: CVE-2024-47805: Encrypted values of credentials revealed to users with Extended Read permission in Credentials Plugin

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • 超级管理员

Jenkins Advisory 2024-10-02: CVE-2024-47805: Encrypted values of credentials revealed to users with Extended Read permission in Credentials Plugin

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
10/03/2024
Created
10/03/2024
Added
10/03/2024
Modified
01/28/2025

Description

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.

Solution(s)

  • jenkins-lts-upgrade-2_462_3
  • jenkins-upgrade-2_479

References

  • https://attackerkb.com/topics/cve-2024-47805
  • CVE - 2024-47805
  • https://jenkins.io/security/advisory/2024-10-02/
  • 引用
  • Mention
    • 查看数 729
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
    注意:你的帖子需要版主批准后才能看到。

    游客
    回帖…
    转到主题列表