PT-2019-11801 · Jenkins · Mask Passwords Plugin+2
Published
2019-09-25
·
Updated
2023-10-25
·
CVE-2019-10407
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Project Inheritance Plugin versions 2.0.0 and earlier
Jenkins Project Inheritance Plugin versions 19.08.02 and earlier
Description
The issue concerns the display of environment variables passed to a build without properly masking sensitive information. This is specifically related to variables contributed by the Mask Passwords Plugin.
Recommendations
For versions 2.0.0 and earlier, update to a version that properly masks sensitive environment variables.
For versions 19.08.02 and earlier, update to a version that properly masks sensitive environment variables.
As a temporary workaround, consider restricting access to the build environment variables to minimize the risk of sensitive information exposure.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Project Inheritance Plugin
Mask Passwords Plugin