{"id":"GHSA-9v8g-f9mq-739g","summary":"Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin","details":"Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if \"Treat username as secret\" is checked.","aliases":["CVE-2023-41934"],"modified":"2024-09-26T22:22:47.525623Z","published":"2023-09-06T15:30:26Z","database_specific":{"nvd_published_at":"2023-09-06T13:15:10Z","github_reviewed_at":"2024-01-30T23:11:07Z","severity":"MODERATE","cwe_ids":["CWE-532"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41934"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/09/06/9"}],"affected":[{"package":{"name":"org.jenkins-ci.plugins:pipeline-maven","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.plugins/pipeline-maven"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1331.v003efa_fd6e81"}]}],"versions":["0.1-beta","0.2","0.3","0.4","0.5","0.6","0.7","1161.v89a_7dcec5d31","1195.v3b_a_d1b_e792e0","1201.v1fce0b_9b_a_e24","1203.v75b_321f1c89f","1205.vceea_7b_972817","1226.v833b_d9f526b_9","1235.v2db_ddd9f797b","1239.v08f725b_927d9","1256.v14a_6e1e0de4b","1257.v89e586d3c58c","1274.v870c8cb_fa_369","1279.v5d711113020f","1290.vf21c81e8c57f","1293.v6c4d0ce54ee8","1298.v43b_82f220a_e9","1314.v09626b_14362f","1322.v9ef317a_3e0a_9","1330.v18e473854496","2.0","2.0-beta-3","2.0-beta-4","2.0-beta-5","2.0-beta-6","2.0-beta-7","2.0.1","2.0.2","2.0.3","2.1.0","2.1.0-beta-1","2.1.1-beta-1","2.2.0","2.2.1","2.3.0","2.3.0-beta-1","2.3.1","2.3.1-beta-1","2.4.0","2.4.0-beta-1","2.4.0-beta-2","2.5.0","2.5.0-alpha-1","2.5.1","2.5.2","3.0.0","3.0.0-beta-1","3.0.0-beta-2","3.0.0-beta-3","3.0.0-beta-4","3.0.0-beta-5","3.0.0-beta-6","3.0.1","3.0.1-beta-1","3.0.1-beta-2","3.0.2","3.0.3","3.0.3-beta-1","3.0.3-beta-2","3.0.4","3.0.5","3.0.6","3.0.6-beta-1","3.0.7","3.1.0","3.1.0-beta-1","3.10.0","3.11.0","3.11.0-alpha-1","3.11.1","3.11.2","3.2.0","3.2.0-alpha-1","3.2.0-alpha-2","3.2.1","3.2.1-beta-1","3.3.0","3.3.1","3.3.1-beta-1","3.3.1-beta-2","3.3.2","3.4.0","3.4.0-beta-1","3.4.1","3.4.2","3.4.3","3.5.0","3.5.0-beta-1","3.5.1","3.5.1-beta-1","3.5.10","3.5.11","3.5.12","3.5.12-beta-1","3.5.12-beta-2","3.5.12-beta-3","3.5.12-beta-4","3.5.13","3.5.14","3.5.15","3.5.15-beta-1","3.5.15-beta-2","3.5.15-beta-3","3.5.15-beta-4","3.5.2","3.5.3","3.5.4","3.5.4-beta-1","3.5.5","3.5.6","3.5.7","3.5.7-beta-1","3.5.8","3.5.8-beta-1","3.5.9","3.6.0","3.6.0-beta-1","3.6.0-beta-2","3.6.1","3.6.10","3.6.11","3.6.12","3.6.13","3.6.14","3.6.15-beta-1","3.6.2","3.6.3","3.6.4","3.6.4-beta-1","3.6.5","3.6.5-beta-1","3.6.6","3.6.6-beta-1","3.6.6-beta-2","3.6.6-beta-3","3.6.6-beta-4","3.6.7","3.6.8","3.6.8-beta-1","3.6.8-beta-2","3.6.9","3.7.0","3.7.0-beta-1","3.7.1","3.8.0","3.8.1","3.8.2","3.8.3","3.9.0","3.9.0-beta-1","3.9.1","3.9.2","3.9.3"],"database_specific":{"last_known_affected_version_range":"\u003c= 1330.v18e473854496","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-9v8g-f9mq-739g/GHSA-9v8g-f9mq-739g.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}