PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin

James Nord · Published 2023-08-16 · Updated 2023-08-22 · CVE-2023-40340

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins NodeJS Plugin versions 1.6.0 and earlier

Description

Jenkins NodeJS Plugin does not properly mask credentials specified in the npm config file when they appear in Pipeline build logs. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with errors in processing credentials in the Pipeline build log.

Recommendations

For Jenkins NodeJS Plugin versions 1.6.0 and earlier, update to version 1.6.1 or later, which properly masks credentials specified in the npm config file in Pipeline build logs.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2023-06413
CVE-2023-40340
GHSA-36FG-WHR2-G999

Affected Products

Jenkins
Jenkins Nodejs Plugin