CVE-2023-41934

Medium

5.3/10

Summary

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published Sep 06, 2023

CVE-2023-41934

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS