Lucene search
HistoryAug 16, 2023 - 3:15 p.m.
CVE-2023-40339
jenkins
config file provider
cve-2023-40339
credentials
build log
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
49.1%
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log.
Affected configurations
Node
jenkinsconfig_file_providerRange≤952.va_544a_6234b_46jenkins
Related
alpinelinux
alpinelinux
CVE-2023-40339
2023-08-16 15:15:11
prion
prion
Code injection
2023-08-16 15:15:00
github
github
osv
osv
CVE-2023-40339
2023-08-16 15:15:11
redhatcve
redhatcve
CVE-2023-40339
2023-08-17 06:48:47
cvelist
cvelist
CVE-2023-40339
2023-08-16 14:32:51
cve
cve
CVE-2023-40339
2023-08-16 15:15:11
veracode
veracode
Information Exposure
2023-08-18 07:09:56
redhat
redhat
(RHSA-2024:0777) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:20:42
(RHSA-2024:0778) Important: Jenkins and Jenkins-2-plugins security update
2024-02-12 10:30:15
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
2024-04-28 00:00:00
Jenkins plugins Multiple Vulnerabilities (2023-08-16)
2023-08-21 00:00:00
RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)
2024-04-29 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
49.1%
Related for NVD:CVE-2023-40339