Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05djhnLWY5bXEtNzM5Z84AA1vB
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
Permalink: https://github.com/advisories/GHSA-9v8g-f9mq-739g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05djhnLWY5bXEtNzM5Z84AA1vB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 3 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-9v8g-f9mq-739g, CVE-2023-41934
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-41934
- https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257
- http://www.openwall.com/lists/oss-security/2023/09/06/9
- https://github.com/advisories/GHSA-9v8g-f9mq-739g
Affected Packages
maven:org.jenkins-ci.plugins:pipeline-maven
Affected Version Ranges: <= 1330.v18e473854496
Fixed in: 1331.v003efa_fd6e81