A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials.

Affected Packages

Maven org.jenkins-ci.plugins:dimensionsscm

Affected versions: 0.8.17 (fixed in 0.9.3.1)

Related CVEs

CVE-2023-32263

Key Information

GHSA ID

GHSA-8hc6-w44m-wfxf

Published

July 19, 2023 6:30 PM

Last Modified

January 30, 2024 11:04 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:dimensionsscm

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.