Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-q9hm-hr89-hgm7

GitHub Security Advisory

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration.

This client secret can be viewed by users with access to the Jenkins controller file system.

Additionally, the global configuration form does not mask the WSO2 Oauth client secret, increasing the potential for attackers to observe and capture it.

Affected Packages

Maven org.jenkins-ci.plugins:wso2id-oauth
Affected versions: 0 (last affected: 1.0)

Related CVEs

CVE-2023-30528

Key Information

GHSA ID
GHSA-q9hm-hr89-hgm7
Published
April 12, 2023 6:30 PM
Last Modified
April 12, 2023 10:19 PM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:wso2id-oauth
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.