Jenkins Pipeline Maven Plugin leaks user names in logs
CVE-2023-41934 Published on September 6, 2023
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2023-41934
Want to know whenever a new CVE is published for Jenkins Pipeline Maven Integration? stack.watch will email you.
Affected Versions
Jenkins Project Jenkins Pipeline Maven Integration Plugin:- Before and including 1330.v18e473854496 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.