GHSA-hpv3-f5p7-pxj9

Source

https://github.com/advisories/GHSA-hpv3-f5p7-pxj9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-hpv3-f5p7-pxj9/GHSA-hpv3-f5p7-pxj9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hpv3-f5p7-pxj9

Aliases

CVE-2023-46653

Published

2023-10-25T18:32:25Z

Modified

2024-02-16T08:17:29.186849Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins lambdatest-automation Plugin may expose Credentials access token

Details

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level.

This can result in accidental exposure of the token through the default system log.

lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token.

Database specific

{
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "cwe_ids": [
        "CWE-312"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-02T21:21:35Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:lambdatest-automation

Package

Name: org.jenkins-ci.plugins:lambdatest-automation; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/lambdatest-automation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.0

Affected versions

1.*

1.6

1.7

1.8

1.9

1.10

1.14.3

1.14.4

1.15

1.16.1

1.16.2

1.18

1.19

1.19.2

1.19.3

1.19.4

1.20.0

1.20.1

1.20.4

1.20.5

1.20.7

1.20.9

1.20.10