CVE-2023-41934 — Log File Information Exposure in Project Jenkins Pipeline Maven Integration Plugin

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 70.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Pipeline Maven Integration Plugin Jenkins Pipeline Maven Integration

Timeline

PublishedSep 6

Description

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_pipeline_maven_integration_plugin1330.v18e473854496

▶NVDjenkins/pipeline_maven_integration1330.v18e473854496

🔴Vulnerability Details

CVEList

CVE-2023-41934: Jenkins Pipeline Maven Integration Plugin 1330↗2023-09-06

▶

OSV

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin↗2023-09-06

▶

GHSA

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin↗2023-09-06

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-09-06↗2023-09-06

▶