GitHub Advisory DatabaseGHSA-GP67-C7J2-2QG2Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
53.4%
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.jenkins-ci.plugins | mask-passwords | * | cpe:2.3:a:org.jenkins-ci.plugins:mask-passwords:*:*:*:*:*:*:*:* |
References
www.openwall.com/lists/oss-security/2019/08/07/1
github.com/advisories/GHSA-gp67-c7j2-2qg2
github.com/jenkinsci/mask-passwords-plugin/commit/aadefdbf319954cf0c5acbe032637e1c0a924f37
github.com/jenkinsci/mask-passwords-plugin/pull/20
jenkins.io/security/advisory/2019-08-07/#SECURITY-157
nvd.nist.gov/vuln/detail/CVE-2019-10370
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
53.4%