Moderate severityNVD Advisory· Published Jul 31, 2019· Updated Aug 4, 2024
CVE-2019-10364
CVE-2019-10364
Description
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2Maven | < 1.44 | 1.44 |
Affected products
1- Range: 1.43 and earlier
Patches
178c3c49a227aMerge pull request #366 from Tblue/JENKINS-55203
1 file changed · +2 −2
src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java+2 −2 modified@@ -322,8 +322,8 @@ private boolean bootstrap(EC2Computer computer, TaskListener listener) throws IO boolean isAuthenticated = false; logInfo(computer, listener, "Getting keypair..."); KeyPair key = computer.getCloud().getKeyPair(); - logInfo(computer, listener, "Using key: " + key.getKeyName() + "\n" + key.getKeyFingerprint() + "\n" - + key.getKeyMaterial().substring(0, 160)); + logInfo(computer, listener, + String.format("Using private key %s (SHA-1 fingerprint %s)", key.getKeyName(), key.getKeyFingerprint())); while (tries-- > 0) { logInfo(computer, listener, "Authenticating as " + computer.getRemoteAdmin()); try {
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-w7fv-7j46-wwrvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10364ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/07/31/1ghsamailing-listx_refsource_MLISTWEB
- github.com/jenkinsci/ec2-plugin/commit/78c3c49a227ac8eccb8b1be7193d5605363fe251ghsaWEB
- jenkins.io/security/advisory/2019-07-31/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.