Security Advisories

CGA-wc3v-477r-888x

Published

Last updated

https://images.chainguard.dev/security/CGA-wc3v-477r-888x
Package

jenkins-2.462

Latest Update
Fixed
Fixed Version

2.462.3-r0

Aliases
  • CVE-2024-47803
  • GHSA-pj95-ph4q-4qm4

Severity

4.3

Medium

CVSS V3

Summary

Jenkins exposes multi-line secrets through error messages

Description

Jenkins

Jenkins provides the secretTextarea form field for multi-line secrets.

Jenkins 2.478 and earlier and LTS 2.462.2 and earlier do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.

This can result in exposure of multi-line secrets through those error messages, e.g., in the system log.

Jenkins 2.479 and LTS 2.462.3 redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-47803

Updates

