Description

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075

Related Vulnerabilities

CVE-2022-39396 Vulnerability in npm package parse-server

CVE-2020-7616 Vulnerability in npm package express-mock-middleware

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2022-39299 Vulnerability in npm package node-saml

CVE-2020-11973 Vulnerability in maven package org.apache.camel:camel-netty

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory