Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe
Improper masking of credentials Jenkins in Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-jxmw-3gxf-fprh, CVE-2022-38663
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-38663
- https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2796
- http://www.openwall.com/lists/oss-security/2022/08/23/2
- https://github.com/jenkinsci/git-plugin/commit/3241db9cc696711c871d4e78b3c3c0daad0740c3
- https://github.com/advisories/GHSA-jxmw-3gxf-fprh
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:git
Affected Version Ranges: < 4.11.5Fixed in: 4.11.5