cbcvebase.
CVE-2022-25180
published 2022-02-15

CVE-2022-25180: Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

Affected

22 ranges
VendorProductVersion rangeFixed in
jenkinsagent_server_parameter_plugin
jenkinsbuild_step_plugin
jenkinscheckmarx_plugin
jenkinschef_sinatra_plugin
jenkinsconjur_secrets_plugin
jenkinsconvertigo_mobile_platform_plugin
jenkinscustom_checkbox_parameter_plugin
jenkinsdeprecated_groovy_libraries_plugin
jenkinsdoktor_plugin
jenkinsfortify_plugin
jenkinsgeneric_webhook_trigger_plugin
jenkinsgitlab_authentication_plugin
jenkinsgroovy_plugin
jenkinshashicorp_vault_plugin
jenkinsmultibranch_plugin
jenkinspipeline<= 2648.va9433432b33c
jenkinsscp_publisher_plugin
jenkinssnow_commander_plugin
jenkinssupport_core_plugin
jenkinsswamp_plugin
jenkinsteam_views_plugin
jenkins_projectjenkins_pipeline_groovy_pluginunspecified – 2648.va9433432b33c