Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-4302

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.9%
CVSS Severity
CVSS v3 Score 4.2
Products affected by CVE-2023-4302
  • Jenkins » Fortify » Version: 19.1.28
    cpe:2.3:a:jenkins:fortify:19.1.28
  • Jenkins » Fortify » Version: 19.1.29
    cpe:2.3:a:jenkins:fortify:19.1.29
  • Jenkins » Fortify » Version: 19.2.30
    cpe:2.3:a:jenkins:fortify:19.2.30
  • Jenkins » Fortify » Version: 20.1.32
    cpe:2.3:a:jenkins:fortify:20.1.32
  • Jenkins » Fortify » Version: 20.1.33
    cpe:2.3:a:jenkins:fortify:20.1.33
  • Jenkins » Fortify » Version: 20.2.34
    cpe:2.3:a:jenkins:fortify:20.2.34
  • Jenkins » Fortify » Version: 20.2.35
    cpe:2.3:a:jenkins:fortify:20.2.35
  • Jenkins » Fortify » Version: 21.1.36
    cpe:2.3:a:jenkins:fortify:21.1.36
  • Jenkins » Fortify » Version: 21.1.38
    cpe:2.3:a:jenkins:fortify:21.1.38
  • Jenkins » Fortify » Version: 21.2.37
    cpe:2.3:a:jenkins:fortify:21.2.37


Products
Pricing
Contact Us

Shodan ® - All rights reserved