CVE-2022-38663

Опубликовано: 23 авг. 2022

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.

A flaw was found in the Jenkins Git plugin. The Git Plugin does not properly mask the credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding. Usernames are masked instead of passwords in cases when usernames are not set to be treated as secret.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	jenkins-2-plugins	Out of support scope
Red Hat OpenShift Container Platform 4	jenkins-2-plugins	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-522

https://bugzilla.redhat.com/show_bug.cgi?id=2120945jenkins-2-plugins/git: Improper masking of credentials in Git Plugin

EPSS

Процентиль: 84%

0.02223

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2022-38663

CVSS3: 6.5

nvd

больше 3 лет назад

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

GHSA-jxmw-3gxf-fprh