PT-2023-22742 · Jenkins · Jenkins Kubernetes Plugin+1
Tim Jacomb
·
Published
2023-04-12
·
Updated
2025-02-07
·
CVE-2023-30513
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Kubernetes Plugin versions 3909.v1f2c633e8590 and earlier
Description
The issue arises from the Jenkins Kubernetes Plugin not properly masking credentials in the build log when push mode for durable task logging is enabled. This results in credentials being exposed in the build log, potentially leading to unauthorized access.
Recommendations
For Jenkins Kubernetes Plugin versions 3909.v1f2c633e8590 and earlier, consider disabling the push mode for durable task logging until a patch is available to properly mask credentials in the build log. Restrict access to the build logs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Kubernetes Plugin