GitHub Advisory DatabaseGHSA-5M8F-V3GW-H94WJenkins Support Core Plugin stores sensitive data in plain text
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.4%
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.plugins:support-core | lt | 2.79.1 |
References
github.com/advisories/GHSA-5m8f-v3gw-h94w
github.com/jenkinsci/support-core-plugin/commit/c6d20da4f372f03bd3e4844f0df2f109df68a63c
github.com/jenkinsci/support-core-plugin/commit/e90487a87bc0a3445c887203f5badec17af905c5
nvd.nist.gov/vuln/detail/CVE-2022-25187
www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2186
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.4%