Moderate severityNVD Advisory· Published Oct 2, 2024· Updated Mar 19, 2025
CVE-2024-47803
CVE-2024-47803
Description
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.462.3 | 2.462.3 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.466, < 2.479 | 2.479 |
Affected products
4- osv-coords3 versions
< 2.462.3-r0+ 2 more
- (no CPE)range: < 2.462.3-r0
- (no CPE)range: < 2.462.3
- (no CPE)range: < 2.462.3
- Range: 2.462.3
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-pj95-ph4q-4qm4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-47803ghsaADVISORY
- www.jenkins.io/security/advisory/2024-10-02/ghsavendor-advisoryWEB
News mentions
1- Jenkins Security Advisory 2024-10-02Jenkins Security Advisories · Oct 2, 2024