CVE-2019-10343

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

3.3LOW

EPSS

0.0%

top 97.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Configuration AS Code Jenkins Project Jenkins Configuration AS Code Plugin

Timeline

PublishedJul 31

Latest updateMay 24

Description

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_configuration_as_code_plugin1.24 and earlier, 1.26 and earlier+1

▶Mavenio.jenkins:configuration-as-code< 1.25

▶NVDjenkins/configuration_as_code1.24

🔴Vulnerability Details

OSV

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin↗2022-05-24

▶

GHSA

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin↗2022-05-24

▶

CVEList

CVE-2019-10343: Jenkins Configuration as Code Plugin 1↗2019-07-31

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-07-31↗2019-07-31

▶