CVE-2019-10364: Insertion of Sensitive Information into Log File

May 24, 2022 (updated October 26, 2023)

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.

References

www.openwall.com/lists/oss-security/2019/07/31/1
github.com/advisories/GHSA-w7fv-7j46-wwrv
github.com/jenkinsci/ec2-plugin/commit/78c3c49a227ac8eccb8b1be7193d5605363fe251
jenkins.io/security/advisory/2019-07-31/
nvd.nist.gov/vuln/detail/CVE-2019-10364

Code Behaviors & Features

Detect and mitigate CVE-2019-10364 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →