jenkins-2.462
2.462.3-r0
4.3
CVSS V3
Jenkins exposes multi-line secrets through error messages
Jenkins
Jenkins provides the secretTextarea
form field for multi-line secrets.
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea
form field.
This can result in exposure of multi-line secrets through those error messages, e.g., in the system log.
Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the secretTextarea
form field.