CVE-2023-41934

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin in maven/org.jenkins-ci.plugins/pipeline-maven

Identifiers

GHSA-9v8g-f9mq-739g, CVE-2023-41934

Package Slug

maven/org.jenkins-ci.plugins/pipeline-maven

Vulnerability

Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin

Description

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Affected Versions

All versions up to 1330.v18e473854496

Solution

Upgrade to version 1331.v003efa_fd6e81 or above.

Last Modified

2024-01-31

source