CVE-2024-39459

MEDIUM

Jenkins Plain Credentials Plugin <182.v468b_97b_9dcb_8 - Info Discl...

Title source: llm

Description

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

References (2)

[Vendor Advisory] https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495

[Mailing List] http://www.openwall.com/lists/oss-security/2024/06/26/2

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (2)

jenkins/plain_credentials < 182.v468b_97b_9dcb_8

org.jenkins-ci.plugins/plain-credentials 0 - 183.vaMaven

Published Jun 26, 2024

Tracked Since Feb 18, 2026