CVE-2022-25184

Summary

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Pipeline: Build Step Pluginunspecified <= 2.15affected
Jenkins projectJenkins Pipeline: Build Step Plugin2.13.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References