CVE-2023-41934

Опубликовано: 06 сент. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Ссылки

http://www.openwall.com/lists/oss-security/2023/09/06/9
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/09/06/9
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:pipeline_maven_integration:*:*:*:*:*:jenkins:*:*

Версия до 1330.v18e473854496 (включая)

EPSS

Процентиль: 24%

0.0008

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-532

Связанные уязвимости

GHSA-9v8g-f9mq-739g