CVE-2024-39458 - When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs

CVE-2024-39458

Summary

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.

References

https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3371
http://www.openwall.com/lists/oss-security/2024/06/26/2

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

27-06-2024 - 12:47

Published

26-06-2024 - 17:15

Last modified

27-06-2024 - 12:47