Описание
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | ||
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2024:0778 | 12.02.2024 |
| OCP-Tools-4.14-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2024:0777 | 12.02.2024 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2232423jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 2 лет назад
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
CVSS3: 4.3
github
больше 2 лет назад
Jenkins Config File Provider Plugin improper credential masking vulnerability
7.5 High
CVSS3