4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43494

GHSA ID

GHSA-279f-qwgh-h5mp

EPSS Score

0.97616%

CWE

Published

9/20/2023

Updated

3/12/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-43494

CVE-2023-43494:
Jenkins does not exclude sensitive build variables from search

Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc.

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from this search.

This allows attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

Jenkins 2.424, LTS 2.414.2 excludes sensitive variables from this search.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43494

GHSA ID

GHSA-279f-qwgh-h5mp

EPSS Score

0.97616%

CWE

Published

9/20/2023

Updated

3/12/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	>= 2.50, < 2.414.2	2.414.2
org.jenkins-ci.main:jenkins-core	maven	>= 2.415, < 2.424	2.424

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the pre-patch implementation of fitsSearchBuildVariables() which processed all build variables without considering sensitivity. The commit diff shows the vulnerability was fixed by adding a check against sensitiveBuildVariables before evaluating values. The original code's loop over buildVariables.values() without sensitivity filtering directly matches the described attack vector where sensitive parameters could be discovered through search pattern matching.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *llows *ilt*rin* *uil*s in t** *uil* *istory wi***t *y sp**i*yin* *n *xpr*ssion t**t s**r***s *or m*t**in* *uil*s *y n*m*, **s*ription, p*r*m*t*r v*lu*s, *t*. J*nkins *.** t*rou** *.*** (*ot* in*lusiv*), LTS *.**.* t*rou** *.***.* (*ot* in*l

Reasoning

T** vuln*r**ility st*ms *rom t** pr*-p*t** impl*m*nt*tion o* `*itsS**r***uil*V*ri**l*s()` w*i** pro**ss** *ll *uil* v*ri**l*s wit*out *onsi**rin* s*nsitivity. T** *ommit *i** s*ows t** vuln*r**ility w*s *ix** *y ***in* * ****k ***inst `s*nsitiv**uil*

4.3

Basic Information

Concerned about an active attack path?

CVE-2023-43494: Jenkins does not exclude sensitive build variables from search

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-43494:
Jenkins does not exclude sensitive build variables from search

Vulnerability Intelligence
Miggo AI