Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe

Improper masking of credentials Jenkins in Git Plugin

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.

Permalink: https://github.com/advisories/GHSA-jxmw-3gxf-fprh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 4 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-jxmw-3gxf-fprh, CVE-2022-38663
References:

https://nvd.nist.gov/vuln/detail/CVE-2022-38663
https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2796
http://www.openwall.com/lists/oss-security/2022/08/23/2
https://github.com/advisories/GHSA-jxmw-3gxf-fprh

Affected Packages

maven:org.jenkins-ci.plugins:git

Versions: < 4.11.5
Fixed in: 4.11.5