PT-2022-17120 · Jenkins · Jenkins Pipeline: Groovy Plugin
James Nord
·
Published
2022-02-15
·
Updated
2023-11-30
·
CVE-2022-25180
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Pipeline: Groovy Plugin versions 2648.va9433432b33c and earlier
Description
The plugin includes the password parameters of the original build in a replayed build. Because Replay re-runs a build with a Pipeline script the replaying user can edit first, an attacker with Run/Replay permission can obtain the values of password parameters that were passed to previous builds of a Pipeline.
Recommendations
For versions 2648.va9433432b33c and earlier, update to a version that does not allow builds containing password parameters to be replayed, such as Pipeline: Groovy Plugin 2656.vf7a_e7b_75a_457.
As a temporary workaround, consider restricting the Run/Replay permission to minimize the risk of exploitation.
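The following Script Console script is an added example, not part of the advisory or of the Jenkins project's own code. It checks the installed Pipeline: Groovy Plugin version against the first fixed release named above, lists the Pipeline jobs that define password parameters (the only jobs whose earlier builds replay would reproduce), and reports whether the account running the script holds Run/Replay on each of them. It assumes the plugin's short name `workflow-cps` and the public Jenkins and plugin classes named in the imports; the output format is the script's own.

```groovy
// Added example (not from the advisory or the Jenkins project): run in
// Manage Jenkins > Script Console to see whether this instance is exposed
// to CVE-2022-25180 and which Pipeline jobs carry password parameters.
import jenkins.model.Jenkins
import hudson.model.ParametersDefinitionProperty
import hudson.model.PasswordParameterDefinition
import hudson.util.VersionNumber
import org.jenkinsci.plugins.workflow.job.WorkflowJob
import org.jenkinsci.plugins.workflow.cps.replay.ReplayAction

def jenkins = Jenkins.get()

// 1. Plugin version. 'workflow-cps' is the short name of Pipeline: Groovy
//    (assumption stated in the lead-in). Anything older than the first
//    fixed release still replays password parameters of earlier builds.
def cps = jenkins.pluginManager.getPlugin('workflow-cps')
if (cps == null) {
    println 'Pipeline: Groovy Plugin (workflow-cps) is not installed; not affected.'
    return
}
def firstFixed = new VersionNumber('2656.vf7a_e7b_75a_457')
boolean affected = cps.versionNumber.isOlderThan(firstFixed)
println "workflow-cps ${cps.version} -> ${affected ? 'AFFECTED' : 'fixed'} (first fixed: ${firstFixed})"

// 2. Pipeline jobs that define at least one password parameter. Only their
//    previous builds carry values that a replay would reproduce, so these
//    are the jobs whose Run/Replay grants need review.
def exposed = jenkins.getAllItems(WorkflowJob).findAll { job ->
    def defs = job.getProperty(ParametersDefinitionProperty)?.parameterDefinitions ?: []
    defs.any { it instanceof PasswordParameterDefinition }
}

exposed.each { job ->
    def names = job.getProperty(ParametersDefinitionProperty).parameterDefinitions
        .findAll { it instanceof PasswordParameterDefinition }*.name
    // 3. Run/Replay is the permission the advisory names. hasPermission()
    //    evaluates it for the user running this script only, so repeat the
    //    run as each account (or role) you want to audit.
    boolean canReplay = job.hasPermission(ReplayAction.REPLAY)
    println "${job.fullName}: password parameters ${names}, " +
            "builds so far: ${job.builds.size()}, current user may replay: ${canReplay}"
}

if (exposed.isEmpty()) {
    println 'No Pipeline jobs define password parameters; nothing for replay to reproduce.'
}
```

The version check decides whether updating is still outstanding; the job list scopes the temporary workaround, since restricting Run/Replay matters most on jobs that actually take password parameters and already have builds. Note that the fixed release refuses to replay builds that contain password parameters rather than stripping the values, so on those jobs users lose Replay entirely after the update; plan for that before rolling it out.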
Fix
Weaknesses
Insufficiently Protected Credentials (CWE-522)
Cleartext Transmission of Sensitive Information (CWE-319)
Affected Products
Jenkins
Jenkins Pipeline: Groovy Plugin