CVE-2023-40340

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 16, 2023
Updated: Aug 22, 2023

Summary

CVE-2023-40340: This vulnerability affects the Jenkins NodeJS Plugin version 1.6.0 and earlier. The issue lies in the plugin's inability to mask credentials in Npm config files during Pipeline build logs. As a result, sensitive information may be exposed through publicly accessible logs, posing a significant risk to security. It is recommended that users upgrade to a newer version of the plugin to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share