Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Published

2023-09-06T13:15:10.073

Last Modified

2024-11-21T08:21:57.047

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	pipeline_maven_integration	≤ 1330.v18e473854496	Yes

References

http://www.openwall.com/lists/oss-security/2023/09/06/9 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/09/06/9 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)