CVE-2019-10358: Insertion of Sensitive Information into Log File

May 24, 2022 (updated December 14, 2023)

Jenkins Maven Integration Plugin 3.3 and earlier does not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.

References

www.openwall.com/lists/oss-security/2019/07/31/1
github.com/advisories/GHSA-hr96-qfvm-52r6
github.com/jenkinsci/maven-plugin/commit/23e3fe5c43705883e4fb9d3ba052dfb1af3f2464
jenkins.io/security/advisory/2019-07-31/
nvd.nist.gov/vuln/detail/CVE-2019-10358

Code Behaviors & Features

Detect and mitigate CVE-2019-10358 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →