CVE-2023-46651

Summary

CVE-2023-46651 affects the Jenkins Warnings Plugin version 10.5.0 and earlier. This vulnerability permits users with Item/Configure permissions to unauthorizedly access and capture credentials that they should not be entitled to. The issue arises due to insufficient context being set for credentials lookup. A fix for this issue has been implemented in version 10.4.1. By not properly securing credentials, attackers can potentially gain elevated access to sensitive information, posing a significant security risk to Jenkins installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.