GHSA-9v8g-f9mq-739g

Source
https://github.com/advisories/GHSA-9v8g-f9mq-739g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-9v8g-f9mq-739g/GHSA-9v8g-f9mq-739g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9v8g-f9mq-739g
Aliases
Published
2023-09-06T15:30:26Z
Modified
2024-09-26T22:22:47.525623Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Details

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Database specific
{
    "nvd_published_at": "2023-09-06T13:15:10Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T23:11:07Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:pipeline-maven

Package

Name
org.jenkins-ci.plugins:pipeline-maven
Purl
pkg:maven/org.jenkins-ci.plugins/pipeline-maven

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1331.v003efa_fd6e81

Affected versions

0.*

0.1-beta
0.2
0.3
0.4
0.5
0.6
0.7

2.*

2.0-beta-3
2.0-beta-4
2.0-beta-5
2.0-beta-6
2.0-beta-7
2.0
2.0.1
2.0.2
2.0.3
2.1.0-beta-1
2.1.0
2.1.1-beta-1
2.2.0
2.2.1
2.3.0-beta-1
2.3.0
2.3.1-beta-1
2.3.1
2.4.0-beta-1
2.4.0-beta-2
2.4.0
2.5.0-alpha-1
2.5.0
2.5.1
2.5.2

3.*

3.0.0-beta-1
3.0.0-beta-2
3.0.0-beta-3
3.0.0-beta-4
3.0.0-beta-5
3.0.0-beta-6
3.0.0
3.0.1-beta-1
3.0.1-beta-2
3.0.1
3.0.2
3.0.3-beta-1
3.0.3-beta-2
3.0.3
3.0.4
3.0.5
3.0.6-beta-1
3.0.6
3.0.7
3.1.0-beta-1
3.1.0
3.2.0-alpha-1
3.2.0-alpha-2
3.2.0
3.2.1-beta-1
3.2.1
3.3.0
3.3.1-beta-1
3.3.1-beta-2
3.3.1
3.3.2
3.4.0-beta-1
3.4.0
3.4.1
3.4.2
3.4.3
3.5.0-beta-1
3.5.0
3.5.1-beta-1
3.5.1
3.5.2
3.5.3
3.5.4-beta-1
3.5.4
3.5.5
3.5.6
3.5.7-beta-1
3.5.7
3.5.8-beta-1
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12-beta-1
3.5.12-beta-2
3.5.12-beta-3
3.5.12-beta-4
3.5.12
3.5.13
3.5.14
3.5.15-beta-1
3.5.15-beta-2
3.5.15-beta-3
3.5.15-beta-4
3.5.15
3.6.0-beta-1
3.6.0-beta-2
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4-beta-1
3.6.4
3.6.5-beta-1
3.6.5
3.6.6-beta-1
3.6.6-beta-2
3.6.6-beta-3
3.6.6-beta-4
3.6.6
3.6.7
3.6.8-beta-1
3.6.8-beta-2
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15-beta-1
3.7.0-beta-1
3.7.0
3.7.1
3.8.0
3.8.1
3.8.2
3.8.3
3.9.0-beta-1
3.9.0
3.9.1
3.9.2
3.9.3
3.10.0
3.11.0-alpha-1
3.11.0
3.11.1
3.11.2

1161.*

1161.v89a_7dcec5d31

1195.*

1195.v3b_a_d1b_e792e0

1201.*

1201.v1fce0b_9b_a_e24

1203.*

1203.v75b_321f1c89f

1205.*

1205.vceea_7b_972817

1226.*

1226.v833b_d9f526b_9

1235.*

1235.v2db_ddd9f797b

1239.*

1239.v08f725b_927d9

1256.*

1256.v14a_6e1e0de4b

1257.*

1257.v89e586d3c58c

1274.*

1274.v870c8cb_fa_369

1279.*

1279.v5d711113020f

1290.*

1290.vf21c81e8c57f

1293.*

1293.v6c4d0ce54ee8

1298.*

1298.v43b_82f220a_e9

1314.*

1314.v09626b_14362f

1322.*

1322.v9ef317a_3e0a_9

1330.*

1330.v18e473854496

Database specific

{
    "last_known_affected_version_range": "<= 1330.v18e473854496"
}