{"id":"CVE-2024-39458","details":"When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.","aliases":["GHSA-xfx3-cr74-x3cv"],"modified":"2026-04-10T05:15:47.442871Z","published":"2024-06-26T17:15:27.020Z","related":["CGA-9p5g-jw7q-xx4j"],"references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3371"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/06/26/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/structs-plugin","events":[{"introduced":"0"},{"last_affected":"1b04ea4df7c87eb9707a32cfef8a91c6ec9c3d2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"337.v1b_04ea_4df7c8"}]}}],"versions":["308.v852b473a2b8c","317.vf68c51f71b_e2","318.va_f3ccb_729b_71","324.va_f5d6774f3a_d","325.vcb_307d2a_2782","337.v1b_04ea_4df7c8","structs-parent-1.0","structs-parent-1.1","structs-parent-1.10","structs-parent-1.11","structs-parent-1.13","structs-parent-1.14","structs-parent-1.15","structs-parent-1.16","structs-parent-1.17","structs-parent-1.18","structs-parent-1.19","structs-parent-1.2","structs-parent-1.20","structs-parent-1.21","structs-parent-1.22","structs-parent-1.23","structs-parent-1.24","structs-parent-1.3","structs-parent-1.4","structs-parent-1.5","structs-parent-1.6","structs-parent-1.7","structs-parent-1.8","structs-parent-1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39458.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}