EUVD-2024-3100

Malicious code in bioql PyPI...

jenkins: Exposure of multi-line secrets through error messages

A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jenkins: Exposure of multi-line secrets through error messages

A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

jenkins: Exposure of multi-line secrets through error messages

A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

RHEL 8 : Red Hat Product OCP Tools 4.15 Openshift Jenkins (RHSA-2024:8884)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8884 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

GHSA-PJ95-PH4Q-4QM4 Jenkins exposes multi-line secrets through error messages

Jenkins Jenkins provides the secretTextarea form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. This can result in exposure of...

Jenkins exposes multi-line secrets through error messages

Jenkins Jenkins provides the secretTextarea form field for multi-line secrets. Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field. This can result in exposure of...

PT-2024-7108 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.478 and earlier Jenkins LTS versions 2.462.2 and earlier Description: The issue is related to the lack of protection for sensitive data in Jenkins. Specifically, Jenkins does not redact multi-line secret values in error...

Information Disclosure

github.com/hashicorp/vault-action/ is vulnerable to information disclosure. Multi-line secrets are not properly masked in its output and can potentially result in credentials disclosure...