{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9453", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-10-03T00:24:06.523Z", "datePublished": "2025-07-04T08:36:35.184Z", "dateUpdated": "2025-07-08T14:19:40.791Z"}, "containers": {"cna": {"title": "Jenkins-image: sensitive data disclosure when using openshift jenkins image", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information."}], "affected": [{"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "jenkins", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-9453", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231", "name": "RHBZ#2316231", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-07-04T08:31:29.662Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2024-10-03T00:21:04.654000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-07-04T08:31:29.662000+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Aino de Vries for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-04T08:36:35.184Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T14:19:32.775749Z", "id": "CVE-2024-9453", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:19:40.791Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9453", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-10-03T00:24:06.523Z", "datePublished": "2025-07-04T08:36:35.184Z", "dateUpdated": "2025-07-08T14:19:40.791Z"}, "containers": {"cna": {"title": "Jenkins-image: sensitive data disclosure when using openshift jenkins image", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information."}], "affected": [{"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "jenkins", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-9453", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231", "name": "RHBZ#2316231", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-07-04T08:31:29.662Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2024-10-03T00:21:04.654000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-07-04T08:31:29.662000+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Aino de Vries for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-04T08:36:35.184Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T14:19:32.775749Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:19:36.309Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Red Hat OpenShift Jenkins. El token portador no est\u00e1 ofuscado en los registros y podr\u00eda suponer un alto riesgo si estos registros se centralizan al momento de su recopilaci\u00f3n. El token suele tener una validez de un a\u00f1o. Esta falla permite que un usuario malintencionado ponga en peligro el entorno si accede a informaci\u00f3n confidencial."}], "id": "CVE-2024-9453", "lastModified": "2025-07-08T16:18:53.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-07-04T09:15:24.537", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2024-9453"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Aino de Vries for reporting this issue.", "bugzilla": {"description": "jenkins-image: Sensitive data disclosure when using Openshift Jenkins image", "id": "2316231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316231"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-532", "details": ["A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.", "A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2024-9453", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Fix deferred", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}], "public_date": "2025-07-04T08:31:29Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9453\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9453"], "threat_severity": "Moderate"}