Moderate severityNVD Advisory· Published Jul 19, 2023· Updated Oct 29, 2024
Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3
CVE-2023-32261
Description
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:dimensionsscmMaven | < 0.9.3.1 | 0.9.3.1 |
Affected products
2- Range: 0.8.17
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-27pr-r7hm-c2rcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32261ghsaADVISORY
- plugins.jenkins.io/dimensionsscmghsaWEB
- portal.microfocus.com/s/article/KM000019297ghsaWEB
- www.jenkins.io/security/advisory/2023-06-14ghsaWEB
- www.jenkins.io/security/advisory/2023-06-14/ghsaWEB
- plugins.jenkins.io/dimensionsscm/mitre
- www.jenkins.io/security/advisory/2023-06-14/mitre
News mentions
1- Jenkins Security Advisory 2023-06-14Jenkins Security Advisories · Jun 14, 2023