CVE-2019-10358Log File Information Exposure in Jenkins Maven

CWE-532Log File Information Exposure5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 65.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins MavenJenkins Project Jenkins Maven Integration Plugin
Timeline
PublishedJul 31
Latest updateMay 24

Description

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDjenkins/maven3.3

🔴Vulnerability Details

3
OSV
Maven Integration Plugin did not mask sensitive values in module build logs2022-05-24
GHSA
Maven Integration Plugin did not mask sensitive values in module build logs2022-05-24
CVEList
CVE-2019-10358: Jenkins Maven Integration Plugin 32019-07-31

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-312019-07-31
CVE-2019-10358 — Log File Information Exposure | cvebase