[MAVEN:GHSA-QV6Q-X9VR-W7J3] Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds.
This allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Pipeline: Groovy Plugin 2656.vf7a_e7b_75a_457 does not allow builds containing password parameters to be replayed.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps | <= 2648.va9433432b33c |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps | = 2656.vf7a_e7b_75a_457 |
- ID: MAVEN:GHSA-QV6Q-X9VR-W7J3
- Severity: moderate
- URL: https://github.com/advisories/GHSA-qv6q-x9vr-w7j3
- Published: 2022-02-16T00:01:32 (2 years ago)
- Modified: 2023-12-28T19:04:49 (8 months ago)
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps | org.jenkins-ci.plugins.workflow | workflow-cps | <= 2648.va9433432b33c | | | |
Fixed | pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps | org.jenkins-ci.plugins.workflow | workflow-cps | = 2656.vf7a_e7b_75a_457 | | | |