Описание
Jenkins exposes multi-line secrets through error messages
Jenkins
Jenkins provides the secretTextarea form field for multi-line secrets.
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.
This can result in exposure of multi-line secrets through those error messages, e.g., in the system log.
Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.
Пакеты
org.jenkins-ci.main:jenkins-core
< 2.462.3
2.462.3
org.jenkins-ci.main:jenkins-core
>= 2.466, < 2.479
2.479
Связанные уязвимости
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact mul ...
Уязвимость сервера автоматизации Jenkins, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации
