Moderate severityNVD Advisory· Published Jan 24, 2023· Updated Apr 2, 2025
CVE-2023-24442
CVE-2023-24442
Description
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:github-pr-coverage-statusMaven | <= 2.2.0 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-4x65-4fjx-r7m6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-24442ghsaADVISORY
- www.jenkins.io/security/advisory/2023-01-24/ghsaWEB
News mentions
1- Jenkins Security Advisory 2023-01-24Jenkins Security Advisories · Jan 24, 2023