Vulnerability Description
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Pipeline Maven Integration | <= 1330.v18e473854496 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/09/06/9Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257Vendor Advisory
- http://www.openwall.com/lists/oss-security/2023/09/06/9Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257Vendor Advisory
FAQ
What is CVE-2023-41934?
CVE-2023-41934 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline b...
How severe is CVE-2023-41934?
CVE-2023-41934 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41934?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Pipeline Maven Integration.