When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.
History

Tue, 05 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-209
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2024-06-26T17:06:26.399Z

Updated: 2024-11-05T20:12:24.387Z

Reserved: 2024-06-25T08:12:57.626Z

Link: CVE-2024-39458

cve-icon Vulnrichment

Updated: 2024-08-02T04:26:14.270Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-26T17:15:27.020

Modified: 2024-11-21T09:27:42.223

Link: CVE-2024-39458

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-26T00:00:00Z

Links: CVE-2024-39458 - Bugzilla