CVE-2024-47805

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-47805
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47805.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47805
Aliases
Published
2024-10-02T16:15:10.753Z
Modified
2026-02-03T07:33:02.629627Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab_7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI.

References

Affected packages

Git / github.com/jenkinsci/credentials-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/credentials-plugin
Events
Fixed
4ebfab7161e93c51353dcf6224e8450b56009710
Introduced
fee6b095f0a3750136c4ef905dbdc27ace358133
Fixed
a435002fa924e90f7af9353b246c471edd118e96

Affected versions

1371.*
1371.vfee6b_095f0a_3
1378.*
1378.v81ef4269d764

Database specific

vanir_signatures 
[
    {
        "signature_type": "Function",
        "source": "https://github.com/jenkinsci/credentials-plugin/commit/a435002fa924e90f7af9353b246c471edd118e96",
        "target": {
            "file": "src/test/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImplTest.java",
            "function": "getContentFrom_doCheckUploadedKeystore"
        },
        "id": "CVE-2024-47805-6acd5eff",
        "signature_version": "v1",
        "digest": {
            "function_hash": "164725225811388745913033261042041545474",
            "length": 723.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/credentials-plugin/commit/a435002fa924e90f7af9353b246c471edd118e96",
        "target": {
            "file": "src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java"
        },
        "id": "CVE-2024-47805-750a21eb",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "227789012663226576821697893368945104980",
                "101243417522049580872775062737715680453",
                "12982210172723552799732114508301167236",
                "188000590521261785348956186216725969729",
                "103365024988260552054976621924476322701",
                "204491974520689226852159887961419587272",
                "205620044847721228488468795622041493542"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/credentials-plugin/commit/a435002fa924e90f7af9353b246c471edd118e96",
        "target": {
            "file": "src/test/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImplTest.java"
        },
        "id": "CVE-2024-47805-ab57bb01",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "88357800292263496038010660281559623237",
                "138183184243809333345261176689487106743",
                "127420473234323119363526059319749082273",
                "138835690480409494124222630800649178066"
            ]
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47805.json"