CVE-2023-40347: Insufficiently Protected Credentials

August 16, 2023 (updated August 18, 2023)

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.

References

www.openwall.com/lists/oss-security/2023/08/16/3
nvd.nist.gov/vuln/detail/CVE-2023-40347
www.jenkins.io/security/advisory/2023-08-16/

Code Behaviors & Features

Detect and mitigate CVE-2023-40347 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →