
Logstash plugin: requires insecure "mask-passwords"

      The mask-passwords plugin contains CVE-2019-10370 for which there is no released fix; however, the Logstash plugin depends on this plugin:

      https://github.com/jenkinsci/logstash-plugin/blob/master/pom.xml#L162

          [JENKINS-58849] Logstash plugin: requires insecure "mask-passwords"

          Jakub Bochenski added a comment - The dependency you link to is only used in test (as can be seen by its scope). I fail to see why it would be a problem. Please reopen if I'm missing something

          Tyler Cipriani added a comment - In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin"

          Jakub Bochenski added a comment - Please try upgrading the plugin to the latest version, as old versions depended on mask-passwords

            jbochenski Jakub Bochenski
            thcipriani Tyler Cipriani
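
The thread turns on whether a dependency declared in a POM is test-scoped or is needed by the built plugin. As an added example (not from the issue or from the Logstash plugin's code), the Python below classifies a POM's direct dependencies by scope; the POM text is constructed, `sample_pom` and `classify_dependencies` are hypothetical names, and inherited or property-resolved scopes are not followed.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def sample_pom(mask_passwords_extra):
    """Constructed POM for illustration; not the real logstash-plugin pom.xml."""
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <artifactId>example-plugin</artifactId>
  <dependencies>
    <dependency>
      <groupId>org.jenkins-ci.plugins</groupId>
      <artifactId>mask-passwords</artifactId>
      <version>PLACEHOLDER</version>
      {mask_passwords_extra}
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>some-optional-plugin</artifactId>
      <version>PLACEHOLDER</version>
      <optional>true</optional>
    </dependency>
  </dependencies>
</project>"""

def classify_dependencies(pom_text):
    """Map artifactId -> 'test-only', 'optional' or 'required' for direct dependencies."""
    root = ET.fromstring(pom_text)
    result = {}
    # Only the project's own <dependencies>; <dependencyManagement> entries are skipped.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        artifact = (dep.findtext("m:artifactId", "", NS) or "").strip()
        # Maven treats a missing <scope> as "compile".
        scope = (dep.findtext("m:scope", "", NS) or "compile").strip()
        optional = (dep.findtext("m:optional", "", NS) or "").strip() == "true"
        if scope == "test":
            result[artifact] = "test-only"
        elif optional:
            result[artifact] = "optional"
        else:
            result[artifact] = "required"
    return result

if __name__ == "__main__":
    # Same dependency declared with test scope, then with no scope element at all.
    for label, extra in [("test scope", "<scope>test</scope>"), ("no scope", "")]:
        print(label, classify_dependencies(sample_pom(extra)))
```

A result of `required` for `mask-passwords` corresponds to the situation in the second comment, where the Jenkins UI refuses to uninstall the plugin because a dependent is installed.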