CVE-2023-41934
MEDIUMJenkins Pipeline Maven Integration - Log Information Exposure
Title source: ruleDescription
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/06/9
Vendor Advisory vendor-advisory
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257
Scores
CVSS v3
5.3
EPSS
0.0011
EPSS Percentile
28.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (2)
jenkins/pipeline_maven_integration
< 1330.v18e473854496
org.jenkins-ci.plugins/pipeline-maven
0 - 1331.v003efa_fd6e81Maven
Published
Sep 06, 2023
Tracked Since
Feb 18, 2026