CVE-2023-40339 — Jenkins Config File Provider vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 51.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Config File Provider

Timeline

PublishedAug 16

Description

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDjenkins/config_file_provider952.va_544a_6234b_46

🔴Vulnerability Details

GHSA

Jenkins Config File Provider Plugin improper credential masking vulnerability↗2023-08-16

▶

OSV

Jenkins Config File Provider Plugin improper credential masking vulnerability↗2023-08-16

▶

CVEList

CVE-2023-40339: Jenkins Config File Provider Plugin 952↗2023-08-16

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-08-16↗2023-08-16

▶

Red Hat

jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin↗2023-08-16

▶