PT-2023-28172 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 1330.v18e473854496 and earlier Description: The issue concerns the Jenkins Pipeline Maven Integration Plugin, which does not properly mask usernames of credentials specified in custom Maven...

CVE-2023-40340

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...

PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NodeJS Plugin versions 1.6.0 and earlier Description: The issue is related to the improper masking of credentials in the Npm config file in Pipeline build logs. This could allow a remote attacker to gain unauthorized access to protect...

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...

Information Disclosure

renovate is vulnerable to information disclosure. The Azure DevOps token is disclosed on the server and in the pipeline logs due to the logging of the http.extraheader=AUTHORIZATION parameter without redaction...

Sensitive Data Exposure

Overview Applies to Azure DevOps users only. The bot's token may be exposed in server or pipeline logs due to the http.extraheader=AUTHORIZATION parameter being logged without redaction. It is recommended that Azure DevOps users revoke their existing bot credentials and generate new ones after...