Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Published

2024-06-26T17:15:27.110

Last Modified

2025-10-10T15:26:09.097

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	plain_credentials	≤ 182.v468b_97b_9dcb_8	Yes

References

http://www.openwall.com/lists/oss-security/2024/06/26/2 Mailing List ([email protected])
https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/06/26/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)