Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

2022-05-2416:52:45

Google

osv.dev

jenkins

mask passwords plugin

passwords

exposure

configuration

plain text

log file

software

EPSS

0.002

Percentile

53.4%

JSON

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.

References

www.openwall.com/lists/oss-security/2019/08/07/1

github.com/jenkinsci/mask-passwords-plugin

github.com/jenkinsci/mask-passwords-plugin/commit/aadefdbf319954cf0c5acbe032637e1c0a924f37

github.com/jenkinsci/mask-passwords-plugin/pull/20

jenkins.io/security/advisory/2019-08-07/#SECURITY-157

nvd.nist.gov/vuln/detail/CVE-2019-10370

EPSS

0.002

Percentile

53.4%

JSON

Related for OSV:GHSA-GP67-C7J2-2QG2