{ "threat_severity" : "Moderate", "public_date" : "2023-08-16T00:00:00Z", "bugzilla" : { "description" : "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin", "id" : "2232423", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2232423" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "details" : [ "Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.", "A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log." ], "affected_release" : [ { "product_name" : "OCP-Tools-4.12-RHEL-8", "release_date" : "2024-02-12T00:00:00Z", "advisory" : "RHSA-2024:0778", "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8", "package" : "jenkins-2-plugins-0:4.12.1706515741-1.el8" }, { "product_name" : "OCP-Tools-4.14-RHEL-8", "release_date" : "2024-02-12T00:00:00Z", "advisory" : "RHSA-2024:0777", "cpe" : "cpe:/a:redhat:ocp_tools:4.14::el8", "package" : "jenkins-2-plugins-0:4.14.1706516441-1.el8" } ], "package_state" : [ { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "jenkins-2-plugins", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "jenkins-2-plugins", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-40339\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40339\nhttps://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090" ], "name" : "CVE-2023-40339", "csaw" : false }