CVE-2024-47803

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

History

13 Nov 2024, 17:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
First Time Jenkins
Jenkins jenkins
References () https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451 - () https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451 - Vendor Advisory
CWE CWE-209
CPE cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Jenkins 2.478 y anteriores, LTS 2.462.2 y anteriores no redactan valores secretos de varias líneas en los mensajes de error generados para envíos de formularios que involucran el campo de formulario `secretTextarea`.

02 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-02 16:15

Updated : 2024-11-13 17:45


NVD link : CVE-2024-47803

Mitre link : CVE-2024-47803

CVE.ORG link : CVE-2024-47803


JSON object : View

Products Affected

jenkins

  • jenkins
CWE
CWE-209

Generation of Error Message Containing Sensitive Information