CVE-2024-9453

Medium CVSS: 6.5

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

Vendor

Jenkins

Product

Jenkins

CWE

CWE-532

Yayın Tarihi

2025-07-04 09:15:24

Güncelleme

2025-08-18 19:02:46

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-532 Jenkins MEDIUM Jenkins 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2024-9453 https://bugzilla.redhat.com/show_bug.cgi?id=2316231

Benzer Kayıtlar

High

CVE-2026-33001

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar a…

High

CVE-2026-33002

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validatio…

Medium

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins co…

Medium

CVE-2026-33004

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, incre…

High

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-prov…

Medium

CVE-2026-27100

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting…