CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40347
https://notcve.org/view.php?id=CVE-2023-40347
16 Aug 2023 — Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999030
https://notcve.org/view.php?id=CVE-2018-1999030
01 Aug 2018 — An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. Existe una vulnerabilidad de exposición de información sensible en el plugin Maven Artifact ChoiceListProvider (Nexus) en Jenkins en versiones 1.3.1 y anteriores en ArtifactoryChoiceLis... • https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •