{"id":"CVE-2023-49653","details":"Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.","aliases":["GHSA-qmhq-876f-cr65"],"modified":"2026-03-20T12:31:59.682600Z","published":"2023-11-29T14:15:07.527Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/11/29/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3225"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jira-plugin","events":[{"introduced":"0"},{"last_affected":"70ad5a5a324784c93209e8fb4de488a8dab971d4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.11"}]}}],"versions":["3.0.12","jira-1.26","jira-1.27","jira-1.28","jira-1.29","jira-1.30","jira-1.31","jira-1.32","jira-1.33","jira-1.34","jira-1.35","jira-1.36","jira-1.37","jira-1.38","jira-1.39","jira-1.40","jira-1.41","jira-2.0","jira-2.1","jira-2.2","jira-2.2.1","jira-2.3","jira-2.4","jira-2.4.2","jira-2.5","jira-2.5.1","jira-2.5.2","jira-3.0.0","jira-3.0.1","jira-3.0.10","jira-3.0.11","jira-3.0.12","jira-3.0.13","jira-3.0.14","jira-3.0.15","jira-3.0.16","jira-3.0.17","jira-3.0.18","jira-3.0.2","jira-3.0.3","jira-3.0.4","jira-3.0.5","jira-3.0.6","jira-3.0.7","jira-3.0.8","jira-3.0.9","jira-3.1.0","jira-3.1.1","jira-3.1.2","jira-3.1.3","jira-3.10","jira-3.11","jira-3.2","jira-3.2.1","jira-3.3","jira-3.4","jira-3.5","jira-3.6","jira-3.7","jira-3.8","jira-3.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49653.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}