CVE-2024-28154 - Vulnerability Details - OpenCVE

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00133.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Jenkins	Mq Notifier

Configuration 1 [-]

cpe:2.3:a:jenkins:mq_notifier:*:*:*:*:*:jenkins:*:*

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-8fm4-r23p-v68v	Jenkins MQ Notifier Plugin exposes sensitive information in build logs

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/03/06/3
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180

History

Thu, 27 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-532
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 19 Jan 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Jenkins Jenkins mq Notifier
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:jenkins:mq_notifier::::::jenkins::*
Vendors & Products		Jenkins Jenkins mq Notifier
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2024-03-06T17:01:57.449Z

Updated: 2025-03-27T20:32:25.005Z

Reserved: 2024-03-05T19:29:05.205Z

Link: CVE-2024-28154

Vulnrichment

Updated: 2024-08-02T00:48:49.469Z

NVD

Status : Modified

Published: 2024-03-06T17:15:10.733

Modified: 2025-03-27T21:15:47.183

Link: CVE-2024-28154

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28154", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-03-05T19:29:05.205Z", "datePublished": "2024-03-06T17:01:57.449Z", "dateUpdated": "2025-03-27T20:32:25.005Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-05-01T18:06:03.168Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins MQ Notifier Plugin", "versions": [{"version": "0", "versionType": "maven", "lessThanOrEqual": "1.4.0", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default."}], "references": [{"name": "Jenkins Security Advisory 2024-03-06", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-06T22:30:21.414232Z", "id": "CVE-2024-28154", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T20:32:25.005Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.469Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-03-06", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180", "name": "Jenkins Security Advisory 2024-03-06", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.469Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T22:30:21.414232Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.240Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins MQ Notifier Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "1.4.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180", "name": "Jenkins Security Advisory 2024-03-06", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"}], "descriptions": [{"lang": "en", "value": "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-05-01T18:06:03.168Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28154", "state": "PUBLISHED", "dateUpdated": "2025-03-27T20:32:25.005Z", "dateReserved": "2024-03-05T19:29:05.205Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-03-06T17:01:57.449Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:mq_notifier:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "901DACED-5F83-45F1-B5EC-F0C73BBAE52E", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default."}, {"lang": "es", "value": "Jenkins MQ Notifier Plugin 1.4.0 y versiones anteriores registran par\u00e1metros de compilaci\u00f3n potencialmente confidenciales como parte de la informaci\u00f3n de depuraci\u00f3n en los registros de compilaci\u00f3n de forma predeterminada."}], "id": "CVE-2024-28154", "lastModified": "2025-03-27T21:15:47.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-06T17:15:10.733", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}