CVE-2023-40340
Description
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs.
CWE
- (none)
Affected
- Jenkins Project / Jenkins NodeJS Plugin — v=0 ≤1.6.0 [affected]
CVSS
- (none)
References
- https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3196 vendor-advisory
- http://www.openwall.com/lists/oss-security/2023/08/16/3
Source
cvelistV5-main/cves/2023/40xxx/CVE-2023-40340.json