Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2023/09/06/9 | Mailing List Third Party Advisory |
| https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2023/09/06/9 | Mailing List Third Party Advisory |
| https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:21
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.openwall.com/lists/oss-security/2023/09/06/9 - Mailing List, Third Party Advisory | |
| References | () https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 - Vendor Advisory |
26 Sep 2024, 20:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-532 |
12 Sep 2023, 13:24
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| First Time |
Jenkins pipeline Maven Integration
Jenkins |
|
| References | (MISC) http://www.openwall.com/lists/oss-security/2023/09/06/9 - Mailing List, Third Party Advisory | |
| References | (MISC) https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 - Vendor Advisory | |
| CPE | cpe:2.3:a:jenkins:pipeline_maven_integration:*:*:*:*:*:jenkins:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
06 Sep 2023, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
06 Sep 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-06 13:15
Updated : 2024-11-21 08:21
NVD link : CVE-2023-41934
Mitre link : CVE-2023-41934
CVE.ORG link : CVE-2023-41934
JSON object : View
Products Affected
jenkins
- pipeline_maven_integration
CWE