Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01bThmLXYzZ3ctaDk0d80sPw
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted.
Permalink: https://github.com/advisories/GHSA-5m8f-v3gw-h94wJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01bThmLXYzZ3ctaDk0d80sPw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: 11 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-5m8f-v3gw-h94w, CVE-2022-25187
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25187
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2186
- https://github.com/jenkinsci/support-core-plugin/commit/c6d20da4f372f03bd3e4844f0df2f109df68a63c
- https://github.com/jenkinsci/support-core-plugin/commit/e90487a87bc0a3445c887203f5badec17af905c5
- https://github.com/advisories/GHSA-5m8f-v3gw-h94w
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:support-core
Affected Version Ranges: < 2.79.1Fixed in: 2.79.1