CVE-2022-25187 – org.jenkins-ci.plugins:support-core
Package
Manager: maven
Name: org.jenkins-ci.plugins:support-core
Vulnerable Version: >=0 <2.79.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00845 (percentile 0.73937)
Details
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted.
Metadata
Created: 2022-02-16T00:01:28Z
Modified: 2023-10-27T16:52:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-5m8f-v3gw-h94w/GHSA-5m8f-v3gw-h94w.json
CWE IDs: ["CWE-212", "CWE-312", "CWE-522"]
Alternative ID: GHSA-5m8f-v3gw-h94w
Finding: F009
Auto approve: 1