Vulnerability in Jenkins Wso2_oauth

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

EPSS: 0.003 (24.0th percentile).

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Frequently asked questions

What is CVE-2023-30527?

CVE-2023-30527 is a medium-severity vulnerability in Jenkins Wso2_oauth, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.3/10. Published 2023-04-12.

How severe is CVE-2023-30527?

Medium severity. CVSS v3 base score is 4.3 out of 10.