PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin+1

James Nord

Publicado

2023-08-16

Atualizado

2023-08-22

CVE-2023-40340

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins NodeJS Plugin versions 1.6.0 and earlier

Description The issue is related to the improper masking of credentials in the Npm config file in Pipeline build logs. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with errors in processing credentials in the Pipeline build log.

Recommendations For Jenkins NodeJS Plugin versions 1.6.0 and earlier, update to version 1.6.1 or later, which properly masks credentials specified in the Npm config file in Pipeline build logs.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

BDU:2023-06413

CVE-2023-40340

GHSA-36FG-WHR2-G999

Produtos afetados

Jenkins

Jenkins Nodejs Plugin

PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin+1

CVE-2023-40340

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9