PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin
James Nord · Published 2023-08-16 · Updated 2023-08-22 · CVE-2023-40339
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Config File Provider Plugin versions 952.va_544a_6234b_46 and earlier
Description
The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build log. This means that sensitive information, such as passwords, is visible in plain text, potentially exposing it to unauthorized access. The problem affects versions of the plugin up to 952.va_544a_6234b_46.
Recommendations
For Jenkins Config File Provider Plugin versions 952.va_544a_6234b_46 and earlier, update to version 953.v0432a_802e4d2 or later, which masks credentials configured in configuration files if they appear in the build log.
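Build logs written before the update may still hold credential values in plain text. The following is an added example, not part of the advisory or the plugin: it scans stored build logs for known credential values and reports only the label of each value found. The `jobs/<job>/builds/<number>/log` layout, the label `maven-settings-cred`, the sample log lines and the sample value are all assumptions constructed for the illustration.

```python
import tempfile
from pathlib import Path

MIN_LEN = 6  # skip very short values that would match ordinary log text


def find_exposed(jenkins_home, secrets):
    """Return sorted (log path, line number, label) for each plaintext hit.

    secrets maps a label (e.g. a credential ID) to its value. Only the label
    is reported, so the findings never repeat the secret itself.
    """
    needles = {label: value.encode("utf-8")
               for label, value in secrets.items() if len(value) >= MIN_LEN}
    hits = []
    # Assumed layout: <JENKINS_HOME>/jobs/<job>/builds/<number>/log
    # ("**" also covers jobs nested inside folders).
    for log in Path(jenkins_home).glob("jobs/**/builds/*/log"):
        if not log.is_file():
            continue
        with log.open("rb") as fh:  # read bytes: logs may mix encodings
            for line_no, line in enumerate(fh, start=1):
                for label, needle in needles.items():
                    if needle in line:
                        rel = str(log.relative_to(jenkins_home))
                        hits.append((rel, line_no, label))
    return sorted(hits)


def build_sample_home():
    """Constructed sample tree: build 1 leaks a value, build 2 is masked."""
    home = Path(tempfile.mkdtemp())
    samples = {
        "1": "Started by user admin\nsettings password s3cr3t-Passw0rd\nFinished: SUCCESS\n",
        "2": "Started by user admin\nsettings password ****\nFinished: SUCCESS\n",
    }
    for number, text in samples.items():
        build_dir = home / "jobs" / "demo" / "builds" / number
        build_dir.mkdir(parents=True)
        (build_dir / "log").write_text(text, encoding="utf-8")
    return home


if __name__ == "__main__":
    home = build_sample_home()
    found = find_exposed(home, {"maven-settings-cred": "s3cr3t-Passw0rd"})
    for path, line_no, label in found:
        print(f"{path}:{line_no}: plaintext value of {label}")
```

Any credential reported by such a scan should be treated as exposed and rotated, and the affected build logs removed or restricted.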
Fix
Related Identifiers
Affected Products
Jenkins
Jenkins Config File Provider Plugin