Publish GHSA-6r5w-jjr5-qvgr

advisory-database[bot] · advisory-database[bot] · commit fd17a013f67a · 2024-11-15T22:28:02.000Z
diff --git a/advisories/github-reviewed/2023/12/GHSA-6r5w-jjr5-qvgr/GHSA-6r5w-jjr5-qvgr.json b/advisories/github-reviewed/2023/12/GHSA-6r5w-jjr5-qvgr/GHSA-6r5w-jjr5-qvgr.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6r5w-jjr5-qvgr",
-  "modified": "2023-12-18T18:39:10Z",
+  "modified": "2024-11-15T22:26:42Z",
   "published": "2023-12-13T18:31:04Z",
   "aliases": [
     "CVE-2023-50770"
   ],
   "summary": "Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin ",
-  "details": "Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.",
+  "details": "Jenkins OpenId Connect Authentication Plugin stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "2.6"
+              "fixed": "4.229.vf736b"
             }
           ]
         }
@@ -40,6 +40,22 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50770"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jenkinsci/oic-auth-plugin/issues/259"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jenkins-infra/update-center2/pull/773"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jenkinsci/oic-auth-plugin/pull/287"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jenkinsci/oic-auth-plugin"
+    },
     {
       "type": "WEB",
       "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168"
