Описание
Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs.
This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission.
Jenkins SQLPlus Script Runner Plugin 2.0.13 no longer prints the password in the build logs.
Пакеты
Наименование
org.jenkins-ci.plugins:sqlplus-script-runner
maven
Затронутые версииВерсия исправления
< 2.0.13
2.0.13
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.