Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2024-9453

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 6 months ago
@LeSuisse removed
8 packages
- jenkins
- jenkins-job-builder
- python312Packages.jenkinsapi
- python313Packages.jenkinsapi
- python312Packages.python-jenkins
- python313Packages.python-jenkins
- python312Packages.jenkins-job-builder
- python313Packages.jenkins-job-builder
1 month ago
@LeSuisse dismissed 1 month ago

Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

References

https://access.redhat.com/security/cve/CVE-2024-9453 x_refsource_REDHAT vdb-entry
RHBZ#2316231 issue-tracking x_refsource_REDHAT
RHBZ#2316231 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9453 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-9453 x_refsource_REDHAT vdb-entry
RHBZ#2316231 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9453 x_refsource_REDHAT vdb-entry
RHBZ#2316231 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-9453 x_refsource_REDHAT vdb-entry
RHBZ#2316231 issue-tracking x_refsource_REDHAT

Affected products

jenkins

openshift-sync-plugin

<1.1.0.818.v3883b_3b_df89a_

Ignored packages (8)

pkgs.jenkins

Extendable open source continuous integration server

nixos-unstable -
- nixpkgs-unstable 2.516.2

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable -
- nixpkgs-unstable 6.4.2

pkgs.python312Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable -
- nixpkgs-unstable 0.3.14

pkgs.python313Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable -
- nixpkgs-unstable 0.3.14

pkgs.python312Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable -
- nixpkgs-unstable 1.8.3

pkgs.python313Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable -
- nixpkgs-unstable 1.8.3

pkgs.python312Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable -
- nixpkgs-unstable 6.4.2

pkgs.python313Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable -
- nixpkgs-unstable 6.4.2

Not present in nixpkgs