Unrated severity · NVD Advisory · Published Jul 4, 2025 · Updated Dec 12, 2025
Jenkins-image: sensitive data disclosure when using openshift jenkins image
CVE-2024-9453
Description
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs, which potentially carries a high risk if those logs are collected centrally. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.
Affected products (11)
- Red Hat / OpenShift Developer Tools and Services (v5), cpe:/a:redhat:ocp_tools
- osv-coords (8 versions), range: < 0 (+ 7 more):
  - pkg:apk/chainguard/jenkins-2
  - pkg:apk/chainguard/jenkins-2.462
  - pkg:apk/chainguard/jenkins-2.492
  - pkg:apk/chainguard/jenkins-2.504
  - pkg:apk/chainguard/jenkins-2.516
  - pkg:apk/chainguard/jenkins-2.528
  - pkg:apk/wolfi/jenkins-2
  - pkg:bitnami/jenkins
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE)
- Jenkins/openshift-sync-plugin (v5), range: 0
Patches
No patches discovered yet.
References (2)
- access.redhat.com/security/cve/CVE-2024-9453 (mitre; vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking, x_refsource_REDHAT)