The vulnerability stems from plaintext credential logging in the plugin's configuration processing flows. The advisory explicitly names `DataBoundConfigurator.java`, `Attribute.java`, `BaseConfigurator.java`, and `ExtensionConfigurator.java` as vulnerable components. These classes contain the core configuration handling methods, so they would be present in stack traces when sensitive data is processed. The `.configure()` methods are the logical points where configuration (including credentials) would be processed and potentially logged, and the `getAttributeValue` method directly handles retrieval of sensitive attributes. Because of their central role in the plugin's configuration management workflow, all listed functions would appear in runtime profiling when malicious configurations are processed.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins:configuration-as-code | maven | < 0.8-alpha | 0.8-alpha |
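
The logging pattern described above, shown beside a masked form, as an added example that is not the plugin's code or its actual patch. Every class, method and attribute name here (`ConfigLogDemo`, `Attr`, `configureUnsafe`, `configureSafe`) is hypothetical, and the configuration values are constructed.

```java
import java.util.*;
import java.util.logging.*;

// Added illustration; all names are hypothetical, not taken from the plugin.
public class ConfigLogDemo {
    // A configurable attribute; 'secret' marks values that must never reach logs.
    record Attr(String name, boolean secret) {}

    static final Logger LOG = Logger.getLogger("config-demo");

    // Vulnerable pattern: the raw value is interpolated into the log message.
    static void configureUnsafe(Attr a, String value) {
        LOG.info("Setting " + a.name() + " = " + value);
    }

    // Hardened pattern: secret attributes are masked before the message is built.
    static void configureSafe(Attr a, String value) {
        LOG.info("Setting " + a.name() + " = " + (a.secret() ? "****" : value));
    }

    // Runs one configure pass and returns the log messages it produced.
    static List<String> capture(boolean safe, Map<Attr, String> config) {
        List<String> lines = new ArrayList<>();
        Handler h = new Handler() {
            @Override public void publish(LogRecord r) { lines.add(r.getMessage()); }
            @Override public void flush() {}
            @Override public void close() {}
        };
        LOG.setUseParentHandlers(false);
        LOG.addHandler(h);
        try {
            config.forEach((a, v) -> { if (safe) configureSafe(a, v); else configureUnsafe(a, v); });
        } finally {
            LOG.removeHandler(h);
        }
        return lines;
    }

    public static void main(String[] args) {
        String secret = "constructed-secret-value"; // constructed, not a real credential
        Map<Attr, String> config = new LinkedHashMap<>();
        config.put(new Attr("url", false), "https://ci.example.test");
        config.put(new Attr("password", true), secret);
        for (boolean safe : new boolean[] {false, true}) {
            List<String> lines = capture(safe, config);
            boolean leaked = lines.stream().anyMatch(l -> l.contains(secret));
            System.out.println((safe ? "safe" : "unsafe") + " leaked=" + leaked + " " + lines);
        }
    }
}
```

The same capture-and-search check works as a regression test: feed a configuration containing a known marker value through the configure path and fail the build if the marker appears in any log record.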