From 7bffe5a467e660d8e8b468b08574caa0884ff22a Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Fri, 15 Nov 2024 11:02:22 +0000
Subject: [PATCH] correct CVE-2023-50770
Signed-off-by: Weston Steimel
---
data/anchore/2023/CVE-2023-50770.json | 44 +++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 data/anchore/2023/CVE-2023-50770.json
diff --git a/data/anchore/2023/CVE-2023-50770.json b/data/anchore/2023/CVE-2023-50770.json
new file mode 100644
index 00000000..892e9b5c
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-50770.json
@@ -0,0 +1,44 @@
+{
+ "additionalMetadata": {
+ "cna": "jenkins",
+ "cveId": "CVE-2023-50770",
+ "description": "Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.",
+ "reason": "Fix incorrect CPE that was pointing to jenkins openid plugin rather than oic-auth. Also adds the fixed in version",
+ "references": [
+ "http://www.openwall.com/lists/oss-security/2023/12/13/4",
+ "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3168"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:jenkins:openid_connect_authentication:*:*:*:*:*:jenkins:*:*",
+ "cpe:2.3:a:org.jenkins-ci.plugins:oic-auth:*:*:*:*:*:jenkins:*:*"
+ ],
+ "product": "Jenkins OpenId Connect Authentication Plugin",
+ "vendor": "Jenkins Project",
+ "versions": [
+ {
+ "lessThan": "4.229.vf736b_fec02f4",
+ "status": "affected",
+ "version": "0",
+ "versionType": "maven"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://github.com/jenkinsci/oic-auth-plugin/pull/287"
+ },
+ {
+ "url": "https://github.com/jenkinsci/oic-auth-plugin/commit/f736bfec02f4244cca6113c82d17a2e788b1c0a8"
+ }
+ ]
+ }
+}
\ No newline at end of file
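Review bot: The `versions` entry marks every release below `4.229.vf736b_fec02f4` as affected, while the `description` carried over from the CNA still reads "2.6 and earlier", and the `reason` text does not say that the range was deliberately widened. Someone auditing this override later cannot tell from the record alone whether the wider range is intended or a side effect of adding the fix version. If it is intended, I would spell it out in `reason`, for example `"reason": "Fix incorrect CPE that was pointing to jenkins openid plugin rather than oic-auth. Also adds the fixed-in version 4.229.vf736b_fec02f4 (oic-auth-plugin PR 287), which extends the affected range beyond the 2.6 stated by the CNA"`. Separately, the file ends without a trailing newline (`\ No newline at end of file`); adding one keeps later diffs of this record clean.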