Jenkins · Jenkins Git Plugin · CVE-2022-38663
**Name of the Vulnerable Software and Affected Versions**
Jenkins Git Plugin versions 4.11.4 and earlier
**Description**
The issue concerns the improper masking of credentials in the build log. Specifically, the Git Username and Password (`gitUsernamePassword`) credentials binding does not properly replace credentials with asterisks. This could potentially expose sensitive information.
**Recommendations**
For Jenkins Git Plugin versions 4.11.4 and earlier, update to a version that properly masks credentials in the build log.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.