Moderate severityNVD Advisory· Published Mar 28, 2023· Updated Feb 19, 2025
CVE-2023-25721
CVE-2023-25721
Description
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.veracode.jenkins:veracode-scanMaven | < 23.3.19.0 | 23.3.19.0 |
Affected products
2- Veracode/Scan Jenkins Plugindescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c4jr-vjm4-27hqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-25721ghsaADVISORY
- community.veracode.com/s/spotlight/frequently-asked-questions-for-cve-2023-25721-and-cve-2023-25722-MCFT34TH6OGRFR7F7JGDQQP4TNZEghsaWEB
- docs.veracode.com/updates/r/c_all_intghsaWEB
- veracode.comghsaWEB
News mentions
0No linked articles in our index yet.