CVE-2019-10358

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

CVE-2023-43494

A flaw was found in Jenkins weekly and LTS caused by not excluding sensitive build variables when filtering builds in the build history widget. By sending a specially crafted request, a remote, authenticated attacker could obtain values of sensitive variables used in builds and use this informati...

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

Code injection

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-3261 / CVE-2023-43494 Builds can be filtered by values of sensitive build variables High SECURITY-3245 / CVE-2023-43495 Stored XSS vulnerability High SECURITY-3072 / CVE-2023-43496 Temporary plugin file created with insecure permissions Low...

CVE-2019-10358

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

CVE-2019-10358

CVE-2019-10358 affects the Jenkins Maven Integration Plugin (versions ≤ 3.3). The root cause is that build log decorators were not applied to module builds, which could cause sensitive build variables to be exposed in logs. The available connected documents consistently describe this as a disclos...

CVE-2019-10358

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Integration Plugin versions 3.3 and earlier Description: The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds. Recommendations: For Jenkins Maven...