CVE-2024-9453
Jenkins-image: sensitive data disclosure when using openshift jenkins image
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.
Se encontró una vulnerabilidad en Red Hat OpenShift Jenkins. El token portador no está ofuscado en los registros y podría suponer un alto riesgo si estos registros se centralizan al momento de su recopilación. El token suele tener una validez de un año. Esta falla permite que un usuario malintencionado ponga en peligro el entorno si accede a información confidencial.
*Credits:
Red Hat would like to thank Aino de Vries for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-03 CVE Reserved
- 2025-07-04 CVE Published
- 2025-07-08 CVE Updated
- 2025-07-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9453 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2316231 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Ocp Tools Search vendor "Redhat" for product "Ocp Tools" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||