Credential Exposure in Jenkins Kubernetes Plugin by Jenkins
CVE-2023-30513
7.5 HIGH
Summary
A security flaw in the Jenkins Kubernetes Plugin allows sensitive credentials to be revealed in build logs when durable task logging is activated. Specifically, versions up to 3909.v1f2c633e8590 fail to adequately mask sensitive data in the build log, leading to potential information leaks. This vulnerability could expose critical credentials used in Jenkins builds and calls for immediate security measures.
Affected Version(s)
Jenkins Kubernetes Plugin 3910.ve59cec5e33ea_
Jenkins Kubernetes Plugin 3670.3672.v0ec52a_286336 < 3670.*
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved