GHSA-hr96-qfvm-52r6

Source

https://github.com/advisories/GHSA-hr96-qfvm-52r6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hr96-qfvm-52r6/GHSA-hr96-qfvm-52r6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hr96-qfvm-52r6

Aliases

CVE-2019-10358

Published

2022-05-24T16:51:50Z

Modified

2024-02-16T08:23:54.818340Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Maven Integration Plugin did not mask sensitive values in module build logs

Details

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.

Database specific

{
    "nvd_published_at": "2019-07-31T13:15:00Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-14T18:21:34Z"
}

References

Affected packages

Maven / org.jenkins-ci.main:maven-plugin

Package

Name: org.jenkins-ci.main:maven-plugin; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/maven-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4

Affected versions

1.*

1.396

1.397

1.398

1.399

1.400

1.401

1.403

1.404

1.405

1.406

1.407

1.408

1.409

1.409.1

1.409.2

1.409.3

1.410

1.411

1.412

1.413

1.414

1.415

1.416

1.417

1.418

1.419

1.420

1.421

1.422

1.423

1.424

1.424.1

1.424.2

1.424.3

1.424.4

1.424.5

1.424.6

1.425

1.426

1.427

1.428

1.429

1.430

1.431

1.432

1.433

1.434

1.435

1.436

1.437

1.438

1.439

1.440

1.441

1.442

1.443

1.444

1.445

1.446

1.447

1.447.1

1.447.2

1.448

1.449

1.450

1.451

1.452

1.453

1.454

1.455

1.456

1.457

1.458

1.459

1.460

1.461

1.462

1.463

1.464

1.465

1.466

1.466.1

1.466.2

1.467

1.468

1.469

1.470

1.471

1.472

1.473

1.474

1.475

1.476

1.477

1.478

1.479

1.480

1.480.1

1.480.2

1.480.3

1.481

1.482

1.483

1.484

1.485

1.486

1.487

1.488

1.489

1.490

1.491

1.492

1.493

1.494

1.495

1.496

1.497

1.498

1.499

1.500

1.501

1.502

1.503

1.504

1.505

1.506

1.507

1.508

1.509

1.509.1

1.509.2

1.509.2.JENKINS-8856-diag

1.509.2.JENKINS-14362-jzlib

1.509.3

1.509.3.JENKINS-14362-jzlib

1.509.4

1.510

1.511

1.512

1.513

1.514

1.515

1.516

1.516.JENKINS-14362-jzlib

1.517

1.518

1.518.JENKINS-14362-jzlib

1.519

1.520

1.521

1.522

1.523

1.524

1.525

1.526

1.527

1.528

1.529

1.530

1.531

1.532

1.533

1.534

2.*

2.0-beta-1

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.7.1

2.8

2.9

2.10

2.11

2.12

2.12.1

2.13

2.14

2.15

2.15.1

2.16

2.17

3.*

3.0-rc1

3.0-rc2

3.0

3.1

3.1.1

3.1.2

3.2

3.3

Database specific

last_known_affected_version_range

"<= 3.3"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hr96-qfvm-52r6/GHSA-hr96-qfvm-52r6.json"