Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-3g2g-rcm6-rrq2

GitHub Security Advisory

Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Affected Packages

Maven org.jenkins-ci.plugins:jira-steps
Affected versions: 0 (last affected: 2.0.165.v8846cf59f3db)

Related CVEs

CVE-2023-24440

Key Information

GHSA ID
GHSA-3g2g-rcm6-rrq2
Published
January 26, 2023 9:30 PM
Last Modified
February 6, 2023 4:40 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:jira-steps
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.