Home > Vulnerability Database > CVE-2023-32262

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-32262

Good to know:

Date: July 19, 2023

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/

Language: Java

Severity Score

4.3

Related Resources (7)

Url: https://www.jenkins.io/security/advisory/2023-06-14/

Url: https://portal.microfocus.com/s/article/KM000019298

Url: https://plugins.jenkins.io/dimensionsscm/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32262

Url: https://plugins.jenkins.io/dimensionsscm

Url: https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3143

Url: https://www.mend.io/vulnerability-database/CVE-2023-32262

Severity Score

4.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:dimensionsscm:0.9.3.1

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us