PT-2024-4650 · Jenkins · Jenkins Structs Plugin

Juan Pablo Santos · Published 2024-06-18 · Updated 2025-10-10 · CVE-2024-39458

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Structs Plugin versions 337.v1b_04ea_4df7c8 and earlier

Description: The issue is related to the accidental exposure of secrets through the default system log when the Jenkins Structs Plugin fails to configure a build step. This happens because the plugin logs a warning message containing diagnostic information that may include secrets passed as step parameters. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information.

Recommendations: For Jenkins Structs Plugin versions 337.v1b_04ea_4df7c8 and earlier, update to version 338.v848422169819 or later, which inspects the types of the actual parameters before logging warning messages and limits detailed diagnostic information to FINE-level log messages if secrets are involved, preventing their display in the default Jenkins system log.
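To make the failure mode and the fix concrete, the following is an added example in plain Java; it is not code from the Structs plugin or from Jenkins. It assumes a hypothetical `Secret` class standing in for a secret-typed step parameter (so the file compiles with a plain JDK instead of `hudson.util.Secret`), helper methods `logFailureUnsafe`, `logFailureSafe`, `involvesSecret` and `maskSecrets` of my own, and constructed sample values (the step name `withCredentials`, the parameter map and the plaintext `hunter2`). It shows the pre-fix pattern, where the configuration-failure diagnostic concatenates every actual parameter into a WARNING message, beside the post-fix pattern that inspects parameter types first and demotes the detail to FINE when a secret is present.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

public class StepParameterLogging {

    /**
     * Hypothetical stand-in for a secret-typed step parameter (not Jenkins'
     * hudson.util.Secret). toString() deliberately returns the plaintext so the
     * example shows the worst case: a value that leaks as soon as it is
     * concatenated into a log line.
     */
    static final class Secret {
        private final String plain;
        Secret(String plain) { this.plain = plain; }
        @Override public String toString() { return plain; }
    }

    private static final Logger LOG = Logger.getLogger(StepParameterLogging.class.getName());

    /** Pre-fix pattern: the failure diagnostic dumps every actual parameter at WARNING. */
    static String logFailureUnsafe(String step, Map<String, Object> params, Exception cause) {
        String msg = "Could not configure step '" + step + "' with parameters "
                + params + ": " + cause.getMessage();
        LOG.log(Level.WARNING, msg);   // WARNING lands in the default system log
        return msg;
    }

    /** True if any actual parameter value is of the secret type. */
    static boolean involvesSecret(Map<String, Object> params) {
        return params.values().stream().anyMatch(v -> v instanceof Secret);
    }

    /** Copy of the parameter map with secret-typed values replaced by a mask. */
    static Map<String, Object> maskSecrets(Map<String, Object> params) {
        Map<String, Object> masked = new LinkedHashMap<>();
        params.forEach((k, v) -> masked.put(k, v instanceof Secret ? "****" : v));
        return masked;
    }

    /**
     * Post-fix pattern: inspect the types of the actual parameters first. Without
     * secrets the detailed message still goes to WARNING; with secrets the WARNING
     * line carries only the step name and the cause, and the parameter detail is
     * demoted to FINE (and masked there too, which is stricter than the advisory
     * describes).
     */
    static String logFailureSafe(String step, Map<String, Object> params, Exception cause) {
        String summary = "Could not configure step '" + step + "': " + cause.getMessage();
        if (!involvesSecret(params)) {
            String detailed = summary + " (parameters " + params + ")";
            LOG.log(Level.WARNING, detailed);
            return detailed;
        }
        LOG.log(Level.WARNING, summary
                + " (parameter details logged at FINE because a secret is involved)");
        LOG.log(Level.FINE, summary + " (parameters " + maskSecrets(params) + ")");
        return summary;
    }

    public static void main(String[] args) {
        // Constructed sample input: a misspelled field plus a secret-typed parameter,
        // the kind of mistake that makes step configuration fail and trigger the log.
        Map<String, Object> params = new LinkedHashMap<>();
        params.put("credentialsId", "deploy-key");
        params.put("passwd", new Secret("hunter2"));
        Exception cause = new IllegalArgumentException("no such field 'passwd'");

        String before = logFailureUnsafe("withCredentials", params, cause);
        String after = logFailureSafe("withCredentials", params, cause);
        System.out.println("before: " + before);
        System.out.println("after:  " + after);
        System.out.println("plaintext in WARNING before fix: " + before.contains("hunter2"));
        System.out.println("plaintext in WARNING after fix:  " + after.contains("hunter2"));
    }
}
```

The design point is that the decision is made on the static type of each actual parameter, not on its name or content, so a secret passed under an innocuous key is still caught. The example also masks the values at FINE level because a FINE logger is often enabled during troubleshooting and its output copied into tickets; the advisory's fix only requires moving the detail out of the default WARNING-level system log.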

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information
Information Disclosure
Insertion into Log File

Related Identifiers

BDU:2024-05158
CVE-2024-39458
GHSA-XFX3-CR74-X3CV

Affected Products

Jenkins
Jenkins Structs Plugin