CVE-2022-38663

Summary

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Git Pluginunspecified <= 4.11.4affected
Jenkins projectJenkins Git Plugin4.9.4unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References