Description
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10370
- https://github.com/jenkinsci/mask-passwords-plugin/pull/20
- https://github.com/jenkinsci/mask-passwords-plugin/commit/aadefdbf319954cf0c5acbe032637e1c0a924f37
- https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157
- http://www.openwall.com/lists/oss-security/2019/08/07/1
Packages
Name: org.jenkins-ci.plugins:mask-passwords (maven)
Affected versions: <= 2.12.0
Fixed version: 2.13.0
Related vulnerabilities
CVSS3: 6.5
nvd
more than 6 years ago
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.