Vulnerabilities > CVE-2023-41934 - Unspecified vulnerability in Jenkins Pipeline Maven Integration

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

NVD

Published: 2023-09-06

Updated: 2023-09-12

Summary

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Pipeline Maven Integration 0.1 Jenkins Pipeline Maven Integration 0.2 Jenkins Pipeline Maven Integration 0.3 Jenkins Pipeline Maven Integration 0.4 Jenkins Pipeline Maven Integration 0.5 Jenkins Pipeline Maven Integration 0.6 Jenkins Pipeline Maven Integration 0.7 Jenkins Pipeline Maven Integration 1.7.0 Jenkins Pipeline Maven Integration 2.3.0 Jenkins Pipeline Maven Integration 2.3.1 Jenkins Pipeline Maven Integration 2.4.0 Jenkins Pipeline Maven Integration 2.5.0 Jenkins Pipeline Maven Integration 3.0.0 Jenkins Pipeline Maven Integration 3.0.1 Jenkins Pipeline Maven Integration 3.0.2 Jenkins Pipeline Maven Integration 3.0.3 Jenkins Pipeline Maven Integration 3.0.4 Jenkins Pipeline Maven Integration 3.0.5 Jenkins Pipeline Maven Integration 3.0.6 Jenkins Pipeline Maven Integration 3.0.7 Jenkins Pipeline Maven Integration 3.1.0 Jenkins Pipeline Maven Integration 3.2.0 Jenkins Pipeline Maven Integration 3.2.1 Jenkins Pipeline Maven Integration 3.3.0 Jenkins Pipeline Maven Integration 3.3.1 Jenkins Pipeline Maven Integration 3.3.2 Jenkins Pipeline Maven Integration 3.4.0 Jenkins Pipeline Maven Integration 3.4.1 Jenkins Pipeline Maven Integration 3.4.2 Jenkins Pipeline Maven Integration 3.4.3 Jenkins Pipeline Maven Integration 3.5.0 Jenkins Pipeline Maven Integration 3.5.1 Jenkins Pipeline Maven Integration 3.5.2 Jenkins Pipeline Maven Integration 3.5.3 Jenkins Pipeline Maven Integration 3.5.4 Jenkins Pipeline Maven Integration 3.5.5 Jenkins Pipeline Maven Integration 3.5.6 Jenkins Pipeline Maven Integration 3.5.7 Jenkins Pipeline Maven Integration 3.5.8 Jenkins Pipeline Maven Integration 3.5.9 Jenkins Pipeline Maven Integration 3.5.10 Jenkins Pipeline Maven Integration 3.5.11 Jenkins Pipeline Maven Integration 3.5.12 Jenkins Pipeline Maven Integration 3.5.13 Jenkins Pipeline Maven Integration 3.5.14 Jenkins Pipeline Maven Integration 3.5.15 Jenkins Pipeline Maven Integration 3.6.0 Jenkins Pipeline Maven Integration 3.6.1 Jenkins Pipeline Maven Integration 3.6.2 Jenkins Pipeline Maven Integration 3.6.3 Jenkins Pipeline Maven Integration 3.6.4 Jenkins Pipeline Maven Integration 3.6.5 Jenkins Pipeline Maven Integration 3.6.6 Jenkins Pipeline Maven Integration 3.6.7 Jenkins Pipeline Maven Integration 3.6.8 Jenkins Pipeline Maven Integration 3.6.9 Jenkins Pipeline Maven Integration 3.6.10 Jenkins Pipeline Maven Integration 3.6.11 Jenkins Pipeline Maven Integration 3.6.12 Jenkins Pipeline Maven Integration 3.6.13 Jenkins Pipeline Maven Integration 3.6.14 Jenkins Pipeline Maven Integration 3.6.15 Jenkins Pipeline Maven Integration 3.7.0 Jenkins Pipeline Maven Integration 3.7.1 Jenkins Pipeline Maven Integration 3.8.0 Jenkins Pipeline Maven Integration 3.8.1 Jenkins Pipeline Maven Integration 3.8.2 Jenkins Pipeline Maven Integration 3.8.3 Jenkins Pipeline Maven Integration 3.9.0 Jenkins Pipeline Maven Integration 3.9.1 Jenkins Pipeline Maven Integration 3.9.2 Jenkins Pipeline Maven Integration 3.9.3 Jenkins Pipeline Maven Integration 3.10.0 Jenkins Pipeline Maven Integration 3.11.0 Jenkins Pipeline Maven Integration 3.11.1 Jenkins Pipeline Maven Integration 3.11.2 Jenkins Pipeline Maven Integration 1161.V89A_7Dcec5D31 Jenkins Pipeline Maven Integration 1195.V3B_A_D1B_E792E0 Jenkins Pipeline Maven Integration 1201.V1Fce0B_9B_A_E24 Jenkins Pipeline Maven Integration 1203.V75B_321F1C89F Jenkins Pipeline Maven Integration 1205.Vceea_7B_972817 Jenkins Pipeline Maven Integration 1226.V833B_D9F526B_9 Jenkins Pipeline Maven Integration 1235.V2Db_Ddd9F797B Jenkins Pipeline Maven Integration 1239.V08F725B_927D9 Jenkins Pipeline Maven Integration 1256.V14A_6E1E0De4B Jenkins Pipeline Maven Integration 1257.V89E586D3C58C Jenkins Pipeline Maven Integration 1274.V870C8Cb_Fa_369 Jenkins Pipeline Maven Integration 1279.V5D711113020F Jenkins Pipeline Maven Integration 1290.Vf21C81E8C57F Jenkins Pipeline Maven Integration 1293.V6C4D0Ce54Ee8 Jenkins Pipeline Maven Integration 1298.V43B_82F220A_E9 Jenkins Pipeline Maven Integration 1314.V09626B_14362F Jenkins Pipeline Maven Integration 1322.V9Ef317A_3E0A_9 Jenkins Pipeline Maven Integration 1330.V18E473854496	138

Summary

Vulnerable Configurations

References