Moderate severityNVD Advisory· Published Jun 26, 2024· Updated Feb 13, 2025

CVE-2024-39459

Description

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:plain-credentialsMaven	< 183.va	183.va

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins/plain-credentials
Range: < 183.va
Jenkins Project/SSH Credentials Plugincpe-rescue
Range: 0

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-3cpq-rw36-cppvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-39459ghsaADVISORY
www.jenkins.io/security/advisory/2024-06-26/ghsavendor-advisoryWEB
www.openwall.com/lists/oss-security/2024/06/26/2ghsaWEB
github.com/jenkinsci/plain-credentials-plugin/commit/ade8f1dd5a2bc69357995fd50baac56d73f80813ghsaWEB

News mentions

Jenkins Security Advisory 2024-06-26
Jenkins Security Advisories · Jun 26, 2024

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000