EUVD-2023-1968

Malicious code in bioql PyPI...

CVE-2023-39155

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it...

Information Disclosure

chef-identity is vulnerable to Information Disclosure. The vulnerability exists because ChefIdentityBuildWrapper.xml does not properly mask the user.pem key on the form field, allowing an attacker to gain sensitive information if they have access to the global configuration file, or are able to...

GHSA-5JC5-M87X-88FJ Secret displayed without masking by Chef Identity Plugin

Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration. While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form do...

CVE-2023-39155

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it...

Design/Logic Flaw

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it...

CVE-2023-39155

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it...

CVE-2023-39155

The CVE-2023-39155 entry affects Jenkins Chef Identity Plugin (versions 2.0.3 and earlier). The root cause is that the user.pem key form field in the plugin’s global configuration is not masked, allowing an attacker with access to the Jenkins controller UI to observe or capture the key. This is t...