VYPR
← All advisories
Moderate severityNVD Advisory· Published Aug 16, 2023· Updated Oct 8, 2024

CVE-2023-40345

CVE-2023-40345

Description

Jenkins Delphix Plugin ≤3.0.2 fails to set the proper context for credential lookups, allowing Overall/Read users to access and capture unintended credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Jenkins Delphix Plugin ≤3.0.2 fails to set the proper context for credential lookups, allowing Overall/Read users to access and capture unintended credentials.

The Jenkins Delphix Plugin versions 3.0.2 and earlier contain a vulnerability where it does not set the appropriate context for credentials lookup [1][2]. This causes the plugin to expose credentials to users who should not have access to them.

An attacker with Overall/Read permission in Jenkins can exploit this flaw to access and capture credentials stored in Jenkins that they are not entitled to [3]. No additional privileges or network position beyond having the Overall/Read permission are required [1].

Successful exploitation allows an attacker to obtain sensitive credentials, which could be used to gain further unauthorized access to systems integrated with Jenkins [3].

The vulnerability is fixed in Delphix Plugin version 3.0.3 [1][2]. Users should upgrade to this version as soon as possible to mitigate the risk.

References
  1. Jenkins Security Advisory 2023-08-16
  2. security - Re: Multiple vulnerabilities in Jenkins plugins
  3. NVD - CVE-2023-40345

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:delphixMaven
< 3.0.33.0.3

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

1