CVE-2023-30513: Jenkins Kubernetes Plugin does not properly mask credentials

April 12, 2023 (updated April 21, 2023)

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

References

github.com/advisories/GHSA-v5hq-cqqr-6w4g
nvd.nist.gov/vuln/detail/CVE-2023-30513
www.jenkins.io/security/advisory/2023-04-12/

Detect and mitigate CVE-2023-30513 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →