Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-2333 Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
Github GHSA Github GHSA GHSA-pv2g-vm98-vjxf Jenkins Config File Provider Plugin improper credential masking vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 08 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Jenkins Project
Jenkins Project jenkins Config File Provider Plugin
CPEs cpe:2.3:a:jenkins_project:jenkins_config_file_provider_plugin:*:*:*:*:*:*:*:*
Vendors & Products Jenkins Project
Jenkins Project jenkins Config File Provider Plugin
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2024-10-08T17:49:36.202Z

Reserved: 2023-08-14T16:02:56.435Z

Link: CVE-2023-40339

cve-icon Vulnrichment

Updated: 2024-08-02T18:31:53.808Z

cve-icon NVD

Status : Modified

Published: 2023-08-16T15:15:11.547

Modified: 2024-11-21T08:19:15.080

Link: CVE-2023-40339

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-16T00:00:00Z

Links: CVE-2023-40339 - Bugzilla

cve-icon OpenCVE Enrichment

No data.