Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe

Improper masking of credentials Jenkins in Git Plugin

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.

Permalink: https://github.com/advisories/GHSA-jxmw-3gxf-fprh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 10 months ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-jxmw-3gxf-fprh, CVE-2022-38663
References:

Affected Packages

maven:org.jenkins-ci.plugins:git
Versions: < 4.11.5
Fixed in: 4.11.5