GHSA-pv2g-vm98-vjxf

Опубликовано: 16 авг. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Config File Provider Plugin improper credential masking vulnerability

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log.

Config File Provider Plugin 953.v0432a_802e4d2 masks credentials configured in configuration files if they appear in the build log.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:config-file-provider

maven

Затронутые версииВерсия исправления

< 953.v0432a

953.v0432a

EPSS

Процентиль: 48%

0.00251

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-40339

Связанные уязвимости

CVE-2023-40339

CVSS3: 7.5

redhat

больше 2 лет назад

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

CVE-2023-40339

CVSS3: 7.5

nvd

больше 2 лет назад

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

EPSS

Процентиль: 48%

0.00251

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2023-40339