CVE-2023-40339

Summary

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Config File Provider Plugin953.v0432a_802e4d2 < *unaffected
Jenkins ProjectJenkins Config File Provider Plugin951.953.vdfc5f6e2dcc4unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References