Advisory Database
  • Advisories
  • Dependency Scanning
  1. maven
  2. ›
  3. com.veracode.jenkins/veracode-scan
  4. ›
  5. CVE-2023-25722

CVE-2023-25722: Veracode Scan Jenkins Plugin vulnerable to information disclosure

March 28, 2023 (updated April 5, 2023)

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the “Connect using proxy” option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments.

References

  • community.veracode.com/s/global-search/CVE-2023-25722
  • docs.veracode.com/updates/r/c_all_int
  • github.com/advisories/GHSA-fjrv-vx9m-4jpj
  • nvd.nist.gov/vuln/detail/CVE-2023-25722
  • veracode.com/

Code Behaviors & Features

Detect and mitigate CVE-2023-25722 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 23.3.19.0

Fixed versions

  • 23.3.19.0

Solution

Upgrade to version 23.3.19.0 or above.

Impact 5.5 MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Learn more about CVSS

Source file

maven/com.veracode.jenkins/veracode-scan/CVE-2023-25722.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:41 +0000.