Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58849

Logstash plugin: requires insecure "mask-passwords"

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The mask-passwords plugin contains CVE-2019-10370 for which there is no released fix; however, the Logstash plugin depends on this plugin:

       

      https://github.com/jenkinsci/logstash-plugin/blob/master/pom.xml#L162

        Attachments

          Activity

          Hide
          jbochenski Jakub Bochenski added a comment -

          The dependency you link to is only used in test (as can be seen by it's scope).

          I fail to see why it would be a problem. Please reopen if I'm missing something

          Show
          jbochenski Jakub Bochenski added a comment - The dependency you link to is only used in test (as can be seen by it's scope). I fail to see why it would be a problem. Please reopen if I'm missing something
          Hide
          thcipriani Tyler Cipriani added a comment -

          In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin"

          Show
          thcipriani Tyler Cipriani added a comment - In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin"
          Hide
          thcipriani Tyler Cipriani added a comment -

          Show
          thcipriani Tyler Cipriani added a comment -
          Hide
          jbochenski Jakub Bochenski added a comment -

          Please try upgrading the plugin to latest version, as old versions depended on mask-passwords

          Show
          jbochenski Jakub Bochenski added a comment - Please try upgrading the plugin to latest version, as old versions depended on mask-passwords

            People

            Assignee:
            jbochenski Jakub Bochenski
            Reporter:
            thcipriani Tyler Cipriani
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: