Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04Zm00LXIyM3AtdjY4ds4AA5zr

Jenkins MQ Notifier Plugin exposes sensitive information in build logs

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.

Permalink: https://github.com/advisories/GHSA-8fm4-r23p-v68v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Zm00LXIyM3AtdjY4ds4AA5zr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-8fm4-r23p-v68v, CVE-2024-28154
References: Repository: https://github.com/jenkinsci/mq-notifier-plugin
Blast Radius: 1.0

Affected Packages

maven:com.sonymobile.jenkins.plugins.mq:mq-notifier
Affected Version Ranges: < 1.4.1
Fixed in: 1.4.1