CVE-2022-38663 - Medium Severity Vulnerability
Vulnerable Library - git-4.2.1.jar
Integrates Jenkins with Git SCM
Library home page: https://github.com/jenkinsci/git-plugin/tree/git-4.2.1/README.adoc
Path to dependency file: /pom.xml
Path to vulnerable library: /-ci/plugins/git/4.2.1/git-4.2.1.jar
Dependency Hierarchy:
- ❌ git-4.2.1.jar (Vulnerable Library)
Found in HEAD commit: 97ed2b7fe477b78f0b26191e5950825314db7b2c
Found in base branch: master
Vulnerability Details
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.
Publish Date: 2022-08-23
URL: CVE-2022-38663
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None