cbcvebase.
CVE-2022-25184
published 2022-02-15

CVE-2022-25184: Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet…

medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.

Affected

22 ranges
VendorProductVersion rangeFixed in
jenkinsagent_server_parameter_plugin
jenkinsbuild_step_plugin
jenkinscheckmarx_plugin
jenkinschef_sinatra_plugin
jenkinsconjur_secrets_plugin
jenkinsconvertigo_mobile_platform_plugin
jenkinscustom_checkbox_parameter_plugin
jenkinsdeprecated_groovy_libraries_plugin
jenkinsdoktor_plugin
jenkinsfortify_plugin
jenkinsgeneric_webhook_trigger_plugin
jenkinsgitlab_authentication_plugin
jenkinsgroovy_plugin
jenkinshashicorp_vault_plugin
jenkinsmultibranch_plugin
jenkinspipeline<= 2.15
jenkinsscp_publisher_plugin
jenkinssnow_commander_plugin
jenkinssupport_core_plugin
jenkinsswamp_plugin
jenkinsteam_views_plugin
jenkins_projectjenkins_pipeline_build_step_pluginunspecified – 2.15