PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin+1

Jesse Glick

Publicado

2019-07-31

Atualizado

2023-10-25

CVE-2019-10358

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Maven Integration Plugin versions 3.3 and earlier

Description The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds.

Recommendations For Jenkins Maven Integration Plugin versions 3.3 and earlier, update to a version that applies build log decorators to module builds to prevent sensitive build variables from being revealed in the build log.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2019-10358

GHSA-HR96-QFVM-52R6

Produtos afetados

Jenkins

Jenkins Maven Integration Plugin

PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin+1

CVE-2019-10358

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7