PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin+1
Daniel Beck
·
Published
2024-03-06
·
Updated
2025-01-19
·
CVE-2024-28154
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins MQ Notifier Plugin versions 1.4.0 and earlier
Description
The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default.
Recommendations
For Jenkins MQ Notifier Plugin versions 1.4.0 and earlier, consider disabling the debug logging feature to prevent sensitive build parameters from being logged until a fix is available.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Mq Notifier Plugin