5.7

CVE-2023-32263

Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server.  This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials.


  https://www.jenkins.io/security/advisory/2023-06-14/ 

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrofocusDimensions Cm SwPlatformjenkins Version >= 0.8.17 <= 0.9.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.161
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
security@opentext.com 2.6 1.2 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://plugins.jenkins.io/dimensionsscm/
Product
https://portal.microfocus.com/s/article/KM000019293
Vendor Advisory