CVE-2023-40339

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 16, 2023
Updated: Aug 22, 2023

Summary

CVE-2023-40339 is a vulnerability affecting the Jenkins Config File Provider Plugin version 952 and earlier. This issue exposes a security risk as the plugin does not mask credentials specified in configuration files when they're written to the build log. As a result, sensitive information can be exposed to unauthorized users, potentially leading to unauthorized access or data breaches. It is strongly recommended that users upgrade to the latest version of the plugin to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share