CVE-2022-25180

Summary

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Pipeline: Groovy Pluginunspecified <= 2648.va9433432b33caffected
Jenkins projectJenkins Pipeline: Groovy Plugin2.94.1unaffected
Jenkins projectJenkins Pipeline: Groovy Plugin2.92.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References