Vulnerabilities

 1 via 2 paths

Dependencies

 33

Source

 GitHub

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 1
Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

medium severity

LGPL-2.1 license

  • Module: com.github.spotbugs:spotbugs-annotations
  • Introduced through: com.github.spotbugs:spotbugs-annotations@4.9.8

Detailed paths

  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin com.github.spotbugs:spotbugs-annotations@4.9.8

LGPL-2.1 license

LGPL-2.1 license vulnerability report

low severity

Information Exposure

  • Vulnerable module: org.jenkins-ci.plugins:structs
  • Introduced through: org.jenkins-ci.plugins.workflow:workflow-step-api@724.v538c2362b_dfb_ and org.jenkins-ci.plugins:credentials@999999-SNAPSHOT

Detailed paths

  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin org.jenkins-ci.plugins.workflow:workflow-step-api@724.v538c2362b_dfb_ org.jenkins-ci.plugins:structs@337.v1b_04ea_4df7c8
  • Introduced through: jenkinsci/snyk-security-scanner-plugin@jenkinsci/snyk-security-scanner-plugin org.jenkins-ci.plugins:credentials@999999-SNAPSHOT org.jenkins-ci.plugins:structs@337.v1b_04ea_4df7c8

Overview

Affected versions of this package are vulnerable to Information Exposure due to a failuire to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters. Exploiting this vulnerability can result in accidental exposure of secrets through the default system log.

Remediation

Upgrade org.jenkins-ci.plugins:structs to version 338.v848422169819 or higher.

References

Information Exposure vulnerability report