CVE-2024-47803

Summary

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.462.3 < 2.462.*unaffected
Jenkins ProjectJenkins2.479 < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References