CVE-2023-24442

MEDIUM

Jenkins GitHub Pull Request Coverage Status Plugin <2.2.0 - Info Di...

Title source: llm

Description

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

References (1)

Core 1

Core References

Vendor Advisory

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

jenkins/github_pull_request_coverage_status < 2.2.0

org.jenkins-ci.plugins/github-pr-coverage-status 0Maven

Published Jan 26, 2023

Tracked Since Feb 18, 2026