Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.

Affected Packages

Maven org.jenkins-ci.plugins:pipeline-maven

Affected versions: 0 (fixed in 1331.v003efa_fd6e81)

Related CVEs

CVE-2023-41934

Key Information

GHSA ID

GHSA-9v8g-f9mq-739g

Published

September 6, 2023 3:30 PM

Last Modified

January 30, 2024 11:11 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:pipeline-maven

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.