CVE-2019-10358 – org.jenkins-ci.main:maven-plugin

Package

Manager: maven
Name: org.jenkins-ci.main:maven-plugin
Vulnerable Version: >=0 <3.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00139 pctl0.34574

Details

Maven Integration Plugin did not mask sensitive values in module build logs Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.

Metadata

Created: 2022-05-24T16:51:50Z
Modified: 2023-12-14T18:21:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hr96-qfvm-52r6/GHSA-hr96-qfvm-52r6.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-hr96-qfvm-52r6
Finding: F091
Auto approve: 1