Homepage
About Snyk

Cleartext Storage of Sensitive Information Affecting org.jenkins-ci.plugins:oic-auth package, versions [0,]

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-6124887
  • published 14 Dec 2023
  • disclosed 13 Dec 2023
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 13 Dec 2023

CVE-2023-50770 Open this link in a new tab
CWE-312 Open this link in a new tab

How to fix?

There is no fixed version for org.jenkins-ci.plugins:oic-auth.

Overview

org.jenkins-ci.plugins:oic-auth is a Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.

Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper storage of a local user account password. An attacker with access to the Jenkins controller file system can recover the plain text password of that account, potentially gaining administrator access to Jenkins.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.5 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    High
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High
Expand this section

NVD

6.7 medium