CVE-2024-47803: Jenkins exposes multi-line secrets through error messages
Jenkins
Jenkins provides the secretTextarea
form field for multi-line secrets.
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea
form field.
This can result in exposure of multi-line secrets through those error messages, e.g., in the system log.
Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the secretTextarea
form field.
References
Detect and mitigate CVE-2024-47803 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →