CVE-2023-23848

Incorrect Default Permissions in maven/org.jenkins-ci.plugins/synopsys-coverity

Identifiers

GHSA-c3v2-5388-v8pw, CVE-2023-23848

Package Slug

maven/org.jenkins-ci.plugins/synopsys-coverity

Vulnerability

Incorrect Default Permissions

Description

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected Versions

All versions up to 3.0.2

Solution

Upgrade to version 3.0.3 or above.

Last Modified

2024-01-31

source