CVE-2023-30513

Summary

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Kubernetes Plugin3910.ve59cec5e33ea_ < *unaffected
Jenkins ProjectJenkins Kubernetes Plugin3670.3672.v0ec52a_286336 < 3670.*unaffected
Jenkins ProjectJenkins Kubernetes Plugin3900.3902.v10b_836a_c8c15 < 3900.*unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References