exploitDog

CVE-2023-39152

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.

Ссылки

http://www.openwall.com/lists/oss-security/2023/07/26/2
Mailing List
https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3208
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/07/26/2
Mailing List
https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3208
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:gradle:2.8:*:*:*:*:jenkins:*:*

EPSS

Процентиль: 30%

0.00114

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-670

Связанные уязвимости

GHSA-pvjf-4hfg-wr84

CVSS3: 6.5

github

больше 2 лет назад

Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log

EPSS

Процентиль: 30%

0.00114

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-670