CVE-2022-38663 – org.jenkins-ci.plugins:git
Package
Manager: maven
Name: org.jenkins-ci.plugins:git
Vulnerable Version: >=0 <4.11.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02053 (percentile: 0.83181)
Details
Improper masking of credentials in Jenkins Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
Metadata
Created: 2022-08-24T00:00:28Z
Modified: 2022-11-29T21:44:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-jxmw-3gxf-fprh/GHSA-jxmw-3gxf-fprh.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-jxmw-3gxf-fprh
Finding: F035
Auto approve: 1