GHSA-9v8g-f9mq-739g, CVE-2023-41934
maven/org.jenkins-ci.plugins/pipeline-maven
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
All versions up to 1330.v18e473854496
Upgrade to version 1331.v003efa_fd6e81 or above.
2024-01-31
source |