Home > Vulnerability Database > CVE-2023-32261

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-32261

Good to know:

Date: July 19, 2023

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/

Language: Java

Severity Score

4.2

Related Resources (8)

Url: https://portal.microfocus.com/s/article/KM000019297

Url: https://www.jenkins.io/security/advisory/2023-06-14/

Url: https://plugins.jenkins.io/dimensionsscm/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32261

Url: https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3138

Url: https://plugins.jenkins.io/dimensionsscm

Url: https://www.jenkins.io/security/advisory/2023-06-14

Url: https://www.mend.io/vulnerability-database/CVE-2023-32261

Severity Score

4.2

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:dimensionsscm:0.9.3.1

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us