CVE-2019-10367

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Configuration AS Code Jenkins Project Jenkins Configuration AS Code Plugin

Timeline

PublishedAug 7

Latest updateMay 24

Description

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_configuration_as_code_plugin1.26 and earlier

▶Mavenio.jenkins:configuration-as-code< 1.27

▶NVDjenkins/configuration_as_code1.26

🔴Vulnerability Details

GHSA

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin↗2022-05-24

▶

OSV

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin↗2022-05-24

▶

CVEList

CVE-2019-10367: Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1↗2019-08-07

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-08-07↗2019-08-07

▶