CVE-2023-25721

MEDIUM | CVSS 6.5/10 | EPSS 0.65%

Last modified

CVE-2023-25721 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.65%

46.3th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Veracode | Veracode | < 23.3.19.0

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-25721?
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.
How severe is CVE-2023-25721?
CVE-2023-25721 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2023-25721?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST