Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yd2gzLTVnN3YtM2M1bc4AAmgD

Password written to the build log by Jenkins SQLPlus Script Runner Plugin

Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs.

This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission.

Jenkins SQLPlus Script Runner Plugin 2.0.13 no longer prints the password in the build logs.

Permalink: https://github.com/advisories/GHSA-rwh3-5g7v-3c5m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd2gzLTVnN3YtM2M1bc4AAmgD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 7 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-rwh3-5g7v-3c5m, CVE-2020-2312
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:sqlplus-script-runner
Affected Version Ranges: < 2.0.13
Fixed in: 2.0.13