CVE-2024-28154 – com.sonymobile.jenkins.plugins.mq:mq-notifier
Package
Manager: maven
Name: com.sonymobile.jenkins.plugins.mq:mq-notifier
Vulnerable Version: >=0 <1.4.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00133 (percentile 0.33663)
Details
Jenkins MQ Notifier Plugin exposes sensitive information in build logs
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.
Metadata
Created: 2024-03-06T18:30:38Z
Modified: 2025-01-21T18:23:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-8fm4-r23p-v68v/GHSA-8fm4-r23p-v68v.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-8fm4-r23p-v68v
Finding: F038
Auto approve: 1