Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42848
HistoryAug 18, 2023 - 7:09 a.m.

Information Exposure

2023-08-1807:09:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
jenkins
plugin
credentials
exposure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.6%

org.jenkins-ci.plugins: config-file-provide is vulnerable to Information Exposure. The vulnerability is due to improper credential masking, which can result in credential exposure in build logs.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.6%