Description
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075
http://www.openwall.com/lists/oss-security/2023/04/13/3