CVE-2023-30513
published 2023-04-12CVE-2023-30513: Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | assembla_merge_request_builder_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | consul_kv_builder_plugin | — | — |
| jenkins | delinea_secret_server_platform_plugin | — | — |
| jenkins | fogbugz_plugin | — | — |
| jenkins | image_tag_parameter_plugin | — | — |
| jenkins | kubernetes | <= 3909.v1f2c633e8590 | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_fogbugz_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_turboscript_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | quay.io_trigger_plugin | — | — |
| jenkins | report_portal_plugin | — | — |
| jenkins | thycotic_devops_secrets_vault_plugin | — | — |
| jenkins | turboscript_plugin | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH