CVE-2024-47805 | THREATINT

Description

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.

PUBLISHED Reserved 2024-10-01 | Published 2024-10-02 | Updated 2025-03-14 | Assigner jenkins

Product status

Default status

unaffected

1371.1373.v4eb_fa_b_7161e9

unaffected

Any version

affected

References

www.jenkins.io/security/advisory/2024-10-02/ (Jenkins Security Advisory 2024-10-02) vendor-advisory

cve.org (CVE-2024-47805)

nvd.nist.gov (CVE-2024-47805)

Download JSON