GHSA-9v8g-f9mq-739g

Suggest an improvement
Source
https://github.com/advisories/GHSA-9v8g-f9mq-739g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-9v8g-f9mq-739g/GHSA-9v8g-f9mq-739g.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9v8g-f9mq-739g
Aliases
Published
2023-09-06T15:30:26Z
Modified
2024-09-26T22:51:56.531999Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin
Details

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Database specific
{
    "nvd_published_at": "2023-09-06T13:15:10Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T23:11:07Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:pipeline-maven

Package

Name
org.jenkins-ci.plugins:pipeline-maven
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/pipeline-maven

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1331.v003efa_fd6e81

Affected versions

0.*

0.1-beta
0.2
0.3
0.4
0.5
0.6
0.7

2.*

2.0-beta-3
2.0-beta-4
2.0-beta-5
2.0-beta-6
2.0-beta-7
2.0
2.0.1
2.0.2
2.0.3
2.1.0-beta-1
2.1.0
2.1.1-beta-1
2.2.0
2.2.1
2.3.0-beta-1
2.3.0
2.3.1-beta-1
2.3.1
2.4.0-beta-1
2.4.0-beta-2
2.4.0
2.5.0-alpha-1
2.5.0
2.5.1
2.5.2

3.*

3.0.0-beta-1
3.0.0-beta-2
3.0.0-beta-3
3.0.0-beta-4
3.0.0-beta-5
3.0.0-beta-6
3.0.0
3.0.1-beta-1
3.0.1-beta-2
3.0.1
3.0.2
3.0.3-beta-1
3.0.3-beta-2
3.0.3
3.0.4
3.0.5
3.0.6-beta-1
3.0.6
3.0.7
3.1.0-beta-1
3.1.0
3.2.0-alpha-1
3.2.0-alpha-2
3.2.0
3.2.1-beta-1
3.2.1
3.3.0
3.3.1-beta-1
3.3.1-beta-2
3.3.1
3.3.2
3.4.0-beta-1
3.4.0
3.4.1
3.4.2
3.4.3
3.5.0-beta-1
3.5.0
3.5.1-beta-1
3.5.1
3.5.2
3.5.3
3.5.4-beta-1
3.5.4
3.5.5
3.5.6
3.5.7-beta-1
3.5.7
3.5.8-beta-1
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12-beta-1
3.5.12-beta-2
3.5.12-beta-3
3.5.12-beta-4
3.5.12
3.5.13
3.5.14
3.5.15-beta-1
3.5.15-beta-2
3.5.15-beta-3
3.5.15-beta-4
3.5.15
3.6.0-beta-1
3.6.0-beta-2
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4-beta-1
3.6.4
3.6.5-beta-1
3.6.5
3.6.6-beta-1
3.6.6-beta-2
3.6.6-beta-3
3.6.6-beta-4
3.6.6
3.6.7
3.6.8-beta-1
3.6.8-beta-2
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15-beta-1
3.7.0-beta-1
3.7.0
3.7.1
3.8.0
3.8.1
3.8.2
3.8.3
3.9.0-beta-1
3.9.0
3.9.1
3.9.2
3.9.3
3.10.0
3.11.0-alpha-1
3.11.0
3.11.1
3.11.2

1161.*

1161.v89a_7dcec5d31

1195.*

1195.v3b_a_d1b_e792e0

1201.*

1201.v1fce0b_9b_a_e24

1203.*

1203.v75b_321f1c89f

1205.*

1205.vceea_7b_972817

1226.*

1226.v833b_d9f526b_9

1235.*

1235.v2db_ddd9f797b

1239.*

1239.v08f725b_927d9

1256.*

1256.v14a_6e1e0de4b

1257.*

1257.v89e586d3c58c

1274.*

1274.v870c8cb_fa_369

1279.*

1279.v5d711113020f

1290.*

1290.vf21c81e8c57f

1293.*

1293.v6c4d0ce54ee8

1298.*

1298.v43b_82f220a_e9

1314.*

1314.v09626b_14362f

1322.*

1322.v9ef317a_3e0a_9

1330.*

1330.v18e473854496

Database specific

{
    "last_known_affected_version_range": "<= 1330.v18e473854496"
}