Description

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075

Related Vulnerabilities

CVE-2021-33040 Vulnerability in npm package epubjs

CVE-2022-1291 Vulnerability in maven package org.webjars.bower:github-com-hhurz-tableexport-jquery-plugin

CVE-2017-1000421 Vulnerability in maven package org.webjars:gifsicle

CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar

CVE-2022-0155 Vulnerability in npm package follow-redirects

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory