Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01bThmLXYzZ3ctaDk0d80sPw

Support Core Plugin before 2.79.1 stores sensitive data in plain text

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted.

Permalink: https://github.com/advisories/GHSA-5m8f-v3gw-h94w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01bThmLXYzZ3ctaDk0d80sPw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 2 months ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-5m8f-v3gw-h94w, CVE-2022-25187
References:

https://nvd.nist.gov/vuln/detail/CVE-2022-25187
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2186
https://github.com/advisories/GHSA-5m8f-v3gw-h94w

Affected Packages

maven:org.jenkins-ci.plugins:support-core

Versions: < 2.79.1
Fixed in: 2.79.1