Jenkins Config File Provider Plugin: Credential Leakage in Build Logs

CVE-2023-40339 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.

Learn more about our Web Application Penetration Testing UK.