PT-2019-11760 · Jenkins · Jenkins Amazon Ec2 Plugin+1

Jesse Glick

Publicado

2019-07-31

Atualizado

2023-10-25

CVE-2019-10364

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Amazon EC2 Plugin versions 1.43 and earlier

Description The issue concerns the Jenkins Amazon EC2 Plugin, which wrote the beginning of private keys to the Jenkins system log. This could potentially expose sensitive information. The problem has been addressed, and the log message no longer includes the beginning of the private key.

Recommendations For Jenkins Amazon EC2 Plugin versions 1.43 and earlier, update to a version where the log message no longer includes the beginning of the private key to prevent potential exposure of sensitive information.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2019-10364

GHSA-W7FV-7J46-WWRV

Produtos afetados

Jenkins

Jenkins Amazon Ec2 Plugin

PT-2019-11760 · Jenkins · Jenkins Amazon Ec2 Plugin+1

CVE-2019-10364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6