CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
28.0%
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if “Treat username as secret” is checked.
Vendor | Product | Version | CPE |
---|---|---|---|
jenkins | pipeline_maven_integration | * | cpe:2.3:a:jenkins:pipeline_maven_integration:*:*:*:*:*:jenkins:*:* |
[
{
"defaultStatus": "unaffected",
"product": "Jenkins Pipeline Maven Integration Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1330.v18e473854496",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]