CVE-2019-10364

MEDIUM5.5EPSS 0.03%

Jenkins Amazon EC2 Plugin leaked beginning of private key in system log

Published: 5/24/2022Modified: 2/16/2024

Description

Jenkins Amazon EC2 Plugin printed a log message that contained the beginning of the private key to the Jenkins system log. The log message no longer includes the beginning of the private key.

Affected packages (1)

Maven/org.jenkins-ci.plugins:ec2from 0, < 1.44

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10364
WEBhttps://github.com/jenkinsci/ec2-plugin/commit/78c3c49a227ac8eccb8b1be7193d5605363fe251
WEBhttps://jenkins.io/security/advisory/2019-07-31/#SECURITY-673
WEBhttp://www.openwall.com/lists/oss-security/2019/07/31/1