{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47803", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-10-01T20:59:52.483Z", "datePublished": "2024-10-02T15:35:02.392Z", "dateUpdated": "2025-03-19T17:47:32.684Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-10-07T08:19:38.231Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"version": "2.462.3", "versionType": "maven", "lessThan": "2.462.*", "status": "unaffected"}, {"version": "2.479", "versionType": "maven", "lessThan": "*", "status": "unaffected"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field."}], "references": [{"name": "Jenkins Security Advisory 2024-10-02", "url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451", "tags": ["vendor-advisory"]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-209", "lang": "en", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T16:31:49.263176Z", "id": "CVE-2024-47803", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-19T17:47:32.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-47803", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T16:31:49.263176Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:32:11.868Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"status": "unaffected", "version": "2.462.3", "lessThan": "2.462.*", "versionType": "maven"}, {"status": "unaffected", "version": "2.479", "lessThan": "*", "versionType": "maven"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451", "name": "Jenkins Security Advisory 2024-10-02", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-10-07T08:19:38.231Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47803", "state": "PUBLISHED", "dateUpdated": "2025-03-19T17:47:32.684Z", "dateReserved": "2024-10-01T20:59:52.483Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-10-02T15:35:02.392Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "3DA7AA45-38D7-4467-99C6-A34C63603CF9", "versionEndExcluding": "2.462.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "F3B756C9-D72A-42D2-8E00-C4DF866AA11A", "versionEndExcluding": "2.479", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field."}, {"lang": "es", "value": "Jenkins 2.478 y anteriores, LTS 2.462.2 y anteriores no redactan valores secretos de varias l\u00edneas en los mensajes de error generados para env\u00edos de formularios que involucran el campo de formulario `secretTextarea`."}], "id": "CVE-2024-47803", "lastModified": "2025-03-19T18:15:23.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-10-02T16:15:10.630", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8886", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.462.3.1730119132-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8886", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1730119231-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8887", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.462.3.1729839924-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8887", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-2-plugins-0:4.13.1729840148-1.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8885", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-0:2.462.3.1729839727-3.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8885", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-2-plugins-0:4.14.1729839844-1.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8884", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-0:2.462.3.1729837947-3.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8884", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-2-plugins-0:4.15.1729838165-1.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-11-05T00:00:00Z"}], "bugzilla": {"description": "jenkins: Exposure of multi-line secrets through error messages", "id": "2316137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316137"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-209", "details": ["Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.", "A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is ei ther not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47803", "package_state": [{"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}], "public_date": "2024-10-02T15:35:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47803\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47803\nhttps://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451"], "threat_severity": "Moderate"}

{}