CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40347
https://notcve.org/view.php?id=CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3153 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999030
https://notcve.org/view.php?id=CVE-2018-1999030
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. Existe una vulnerabilidad de exposición de información sensible en el plugin Maven Artifact ChoiceListProvider (Nexus) en Jenkins en versiones 1.3.1 y anteriores en ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java y Nexus3ChoiceListProvider.java que permite que los atacantes capturen credenciales con un ID de credenciales conocido almacenado en Jenkins. • https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •