Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.
References
Link | Resource |
---|---|
https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190 | Release Notes |
https://veracode.com | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-28T00:00:00
Updated: 2023-03-28T00:00:00
Reserved: 2023-02-13T00:00:00
Link: CVE-2023-25721
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-28T20:15:11.093
Modified: 2023-04-05T01:54:40.417
Link: CVE-2023-25721
JSON object: View
Redhat Information
No data.
CWE