Description
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-25187
- https://github.com/jenkinsci/support-core-plugin/commit/c6d20da4f372f03bd3e4844f0df2f109df68a63c
- https://github.com/jenkinsci/support-core-plugin/commit/e90487a87bc0a3445c887203f5badec17af905c5
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2186
Packages
Name: org.jenkins-ci.plugins:support-core (maven)
Affected versions: < 2.79.1
Fixed version: 2.79.1
Related vulnerabilities
CVSS3: 6.5
nvd
almost 4 years ago
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.