CVE-2023-40345

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 16, 2023

Updated: Oct 20, 2023

CWE ID 522

Summary

CVE-2023-40345 is a vulnerability affecting the Delphix Plugin version 3.0.2 and earlier used in Jenkins. The issue lies in the lack of proper context setting for credentials lookup, enabling attackers with Read permissions to gain unauthorized access to sensitive credentials that they are not entitled to. This vulnerability poses a significant risk to organizations by potentially exposing their Jenkins credentials to unauthorized entities. It is essential to update to the latest plugin version or implement additional security measures to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sV8Eah
https://www.cve.org/CVERecord?id=CVE-2023-40345
https://nvd.nist.gov/vuln/detail/CVE-2023-40345

Back to Vulnerability Database

CVE-2023-40345

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations