Maven package
org.jenkins-ci.plugins/mask-passwords
pkg:maven/org.jenkins-ci.plugins/mask-passwords
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-29043 | — | < 3.1 | 3.1 | Apr 12, 2022 | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||
| CVE-2019-10370 | — | < 2.13.0 | 2.13.0 | Aug 7, 2019 | Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. |
- CVE-2022-29043Apr 12, 2022affected < 3.1fixed 3.1
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
- CVE-2019-10370Aug 7, 2019affected < 2.13.0fixed 2.13.0
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.