CVE-2024-39458

LOW Year: 2024
CVSS v3 Score
3.1
Low
Weakness Type
CWE-209
View all →

Vulnerability Description

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.

Related Vulnerabilities

CVE-2019-4129

LOW
CVSS:3.1(Low)

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack...

CWE-2092019

CVE-2019-6122

LOW
CVSS:3.1(Low)

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, b...

CWE-2092019

CVE-2020-4319

LOW
CVSS:3.1(Low)

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an ...

CWE-2092020

CVE-2020-16121

LOW
CVSS:3.3(Low)

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

CWE-2092020

CVE-2020-4584

LOW
CVSS:3.3(Low)

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks ...

CWE-2092020

CVE-2022-20525

LOW
CVSS:3.3(Low)

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege ...

CWE-2092022