Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/structs/324.va_f5d6774f3a_d/339785cad419455d387faa8332e419d0c70874f7/structs-324.va_f5d6774f3a_d.jar
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/structs/324.va_f5d6774f3a_d/339785cad419455d387faa8332e419d0c70874f7/structs-324.va_f5d6774f3a_d.jar
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.
Vulnerable Library - structs-324.va_f5d6774f3a_d.jar
Library plugin for DSL plugins that need names for Jenkins objects.
Library home page: https://github.com/jenkinsci/structs-plugin
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/structs/324.va_f5d6774f3a_d/339785cad419455d387faa8332e419d0c70874f7/structs-324.va_f5d6774f3a_d.jar
Found in HEAD commit: 26696d30ae3a174047ee21ec6573e9b8b0bc1d1e
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-39458
### Vulnerable Library - structs-324.va_f5d6774f3a_d.jarLibrary plugin for DSL plugins that need names for Jenkins objects.
Library home page: https://github.com/jenkinsci/structs-plugin
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/structs/324.va_f5d6774f3a_d/339785cad419455d387faa8332e419d0c70874f7/structs-324.va_f5d6774f3a_d.jar
Dependency Hierarchy: - :x: **structs-324.va_f5d6774f3a_d.jar** (Vulnerable Library)
Found in HEAD commit: 26696d30ae3a174047ee21ec6573e9b8b0bc1d1e
Found in base branch: main
### Vulnerability DetailsWhen Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.
Publish Date: 2024-06-26
URL: CVE-2024-39458
### CVSS 3 Score Details (3.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3371
Release Date: 2024-06-26
Fix Resolution: org.jenkins-ci.plugins:structs:338.v848422169819
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.