CVE-2024-9453

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-9453	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2316231	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:jenkins:jenkins:-:*:*:*:-:*:*:*

cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-04 09:15

Updated : 2025-08-18 19:02

NVD link : CVE-2024-9453

Mitre link : CVE-2024-9453

CVE.ORG link : CVE-2024-9453

JSON object : View

Products Affected

jenkins

jenkins

redhat

openshift_developer_tools_and_services

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-9453", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-07-04T09:15:24.537", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-9453", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Red Hat OpenShift Jenkins. El token portador no est\u00e1 ofuscado en los registros y podr\u00eda suponer un alto riesgo si estos registros se centralizan al momento de su recopilaci\u00f3n. El token suele tener una validez de un a\u00f1o. Esta falla permite que un usuario malintencionado ponga en peligro el entorno si accede a informaci\u00f3n confidencial."}], "lastModified": "2025-08-18T19:02:46.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:-:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6DE294-9026-4F5B-8BF1-D968AE1D296B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}