CVE-2023-40340
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 16, 2023
Updated: Aug 22, 2023
Summary
CVE-2023-40340: This vulnerability affects the Jenkins NodeJS Plugin version 1.6.0 and earlier. The issue lies in the plugin's inability to mask credentials in Npm config files during Pipeline build logs. As a result, sensitive information may be exposed through publicly accessible logs, posing a significant risk to security. It is recommended that users upgrade to a newer version of the plugin to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share