CVE-2022-25187

CWE-212CWE-312Cleartext Storage of Sensitive InfoCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 72.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Support Core PluginJenkins Support Core
Timeline
PublishedFeb 15
Latest updateFeb 16

Description

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_support_core_pluginunspecified2.79

Patches

Patch: www.jenkins.ioPatch: www.jenkins.io

🔴Vulnerability Details

3
GHSA
Jenkins Support Core Plugin stores sensitive data in plain text2022-02-16
OSV
Jenkins Support Core Plugin stores sensitive data in plain text2022-02-16
CVEList
CVE-2022-25187: Jenkins Support Core Plugin 22022-02-15

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-02-152022-02-15
CVE-2022-25187 (MEDIUM CVSS 6.5) | Jenkins Support Core Plugin 2.79 an | cvebase.io