CVE-2023-50770 — Password stored in a recoverable format by Jenkins OpenId Connect Authentication

Description

Jenkins OpenId Connect Authentication Plugin stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

How to fix CVE-2023-50770

To remediate CVE-2023-50770, upgrade the affected package to a fixed version below.

—upgrade to 4.229.vf736b or later

Is CVE-2023-50770 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 4.229.vf736b

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-50770
PATCHgithub.com/jenkinsci/oic-auth-plugin
WEBgithub.com/jenkinsci/oic-auth-plugin/issues/259
WEBgithub.com/jenkinsci/oic-auth-plugin/pull/287
WEB