CVE-2024-39459: In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on...

Description

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Classification

CVE ID: CVE-2024-39459

Affected Products

Vendor: Jenkins Project

Product: Jenkins Plain Credentials Plugin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495
http://www.openwall.com/lists/oss-security/2024/06/26/2

Timeline