Jenkins Config File Provider Plugin Fails to Mask Credentials in Build Logs
CVE-2023-40339 Published on August 16, 2023

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

Vendor Advisory NVD

Products Associated with CVE-2023-40339

Want to know whenever a new CVE is published for Jenkins Config File Provider? stack.watch will email you.

Jenkins Config File Provider

Affected Versions

Jenkins Project Jenkins Config File Provider Plugin:

Version 953.v0432a_802e4d2 and below * is unaffected.
Version 951.953.vdfc5f6e2dcc4 is unaffected.

jenkins_project jenkins_config_file_provider_plugin:

Version 953.v0432a_802e4d2 and below * is unaffected.
Version 951.953.vdfc5f6e2dcc4 is unaffected.

Exploit Probability

EPSS

0.25%

Percentile

48.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Config File Provider Plugin Fails to Mask Credentials in Build LogsCVE-2023-40339 Published on August 16, 2023

Products Associated with CVE-2023-40339

Affected Versions

Exploit Probability

Jenkins Config File Provider Plugin Fails to Mask Credentials in Build Logs
CVE-2023-40339 Published on August 16, 2023