CVE-2023-30513

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

J

enkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/04/13/3	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075	Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/04/13/3	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:kubernetes:*:*:*:*:*:jenkins:*:*

History

21 Nov 2024, 08:00

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/04/13/3 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2023/04/13/3 - Mailing List, Third Party Advisory
References	~~() https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075 - Vendor Advisory~~	() https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075 - Vendor Advisory

Information

Published : 2023-04-12 18:15

Updated : 2025-02-07 20:15

NVD link : CVE-2023-30513

Mitre link : CVE-2023-30513

CVE.ORG link : CVE-2023-30513

JSON object : View

Products Affected

kubernetes

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2023-30513", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-04-12T18:15:07.777", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled."}], "lastModified": "2025-02-07T20:15:33.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:kubernetes:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "E8A7ACE5-397B-49C5-A5EF-88F805561C1C", "versionEndIncluding": "3909.v1f2c633e8590"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}