Description

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Remediation

References

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075

http://www.openwall.com/lists/oss-security/2023/04/13/3

Related Vulnerabilities

CVE-2022-25872 Vulnerability in npm package fast-string-search

CVE-2022-25875 Vulnerability in npm package svelte

CVE-2022-34186 Vulnerability in maven package com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter

CVE-2023-33725 Vulnerability in maven package org.broadleafcommerce:broadleaf

CVE-2020-2219 Vulnerability in maven package org.jenkins-ci.plugins:link-column

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory