GitHub Advisory Database: GHSA-9V8G-F9MQ-739G
Sep 06, 2023 - 3:30 p.m.

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin

2023-09-06 15:30:26
CWE-532
GitHub Advisory Database
github.com
Tags: jenkins, pipeline, maven, integration, plugin, credentials, security

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 28.0%

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if “Treat username as secret” is checked.

Affected configurations

Vulners node: org.jenkins-ci.plugins pipeline-maven, range 1330.v18e473854496

Vendor: org.jenkins-ci.plugins
Product: pipeline-maven
Version: *
CPE: cpe:2.3:a:org.jenkins-ci.plugins:pipeline-maven:*:*:*:*:*:*:*:*
