  • Vulnerabilities: 1 via 2 paths
  • Dependencies: 30
  • Source: GitHub
  • Commit: c959a5aa


medium severity

LGPL-2.1 license

  • Module: com.github.spotbugs:spotbugs-annotations
  • Introduced through: com.github.spotbugs:spotbugs-annotations@4.9.6

Detailed paths

  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin#c959a5aad2ef759574e44d0d6e4b43b335000443 > com.github.spotbugs:spotbugs-annotations@4.9.6

low severity

Information Exposure

  • Vulnerable module: org.jenkins-ci.plugins:structs
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-step-api@706.v518c5dcb_24c0 and org.jenkins-ci.plugins:credentials@999999-SNAPSHOT

Detailed paths

  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin#c959a5aad2ef759574e44d0d6e4b43b335000443 > org.jenkins-ci.plugins.workflow:workflow-step-api@706.v518c5dcb_24c0 > org.jenkins-ci.plugins:structs@337.v1b_04ea_4df7c8
  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin#c959a5aad2ef759574e44d0d6e4b43b335000443 > org.jenkins-ci.plugins:credentials@999999-SNAPSHOT > org.jenkins-ci.plugins:structs@337.v1b_04ea_4df7c8

Overview

Affected versions of this package are vulnerable to Information Exposure. When a build step fails to configure, the package logs a warning message containing diagnostic information that may include secrets passed as step parameters. Exploiting this vulnerability can result in accidental exposure of secrets through the default system log.

Remediation

Upgrade org.jenkins-ci.plugins:structs to version 338.v848422169819 or higher.

References