Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-g472-f8cm-8x5f

GitHub Security Advisory

Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration.

This client secret can be viewed by users with access to the Jenkins controller file system.

Additionally, the global configuration form does not mask the WSO2 Oauth client secret, increasing the potential for attackers to observe and capture it.

Affected Packages

Maven org.jenkins-ci.plugins:wso2id-oauth
Affected versions: 0 (last affected: 1.0)

Related CVEs

CVE-2023-30527

Key Information

GHSA ID
GHSA-g472-f8cm-8x5f
Published
April 12, 2023 6:30 PM
Last Modified
April 12, 2023 10:19 PM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:wso2id-oauth
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.