CVE-2023-39152
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.28%
Description
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.
How to fix CVE-2023-39152
To remediate CVE-2023-39152, upgrade the affected package to a fixed version below.
- Upgrade to 2.8.1 or later
Is CVE-2023-39152 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.8.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |