Lucene search
GoogleOSV:GHSA-H8C5-C92G-JQ6XHistoryMay 14, 2022 - 1:04 a.m.
Improper Input Validation in Jenkins
2022-05-1401:04:35
Google
osv.dev
9
jenkins security
input validation
http access log
EPSS
0
Percentile
12.6%
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.
Related
prion
prion
Default credentials
2018-01-26 02:29:00
nvd
nvd
CVE-2017-1000401
2018-01-26 02:29:01
redhatcve
redhatcve
CVE-2017-1000401
2017-11-21 11:22:46
ubuntucve
ubuntucve
CVE-2017-1000401
2018-01-26 00:00:00
cvelist
cvelist
CVE-2017-1000401
2018-01-26 02:00:00
github
github
Improper Input Validation in Jenkins
2022-05-14 01:04:35
osv
osv
CVE-2017-1000401
2018-01-26 02:29:01
cve
cve
CVE-2017-1000401
2018-01-26 02:29:01
nessus
nessus
Jenkins < 2.84 / < 2.73.2 (LTS) Multiple Vulnerabilities
2019-06-05 00:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Oct 2017) - Linux
2017-11-07 00:00:00
Jenkins Multiple Vulnerabilities (Oct 2017) - Windows
2017-11-07 00:00:00