Bug 2120945 (CVE-2022-38663)
| Summary: | CVE-2022-38663 jenkins-2-plugins/git: Improper masking of credentials in Git Plugin | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Git Plugin 4.11.5 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Jenkins Git plugin. The Git Plugin does not properly mask the credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding. Usernames are masked instead of passwords in cases when usernames are not set to be treated as secret.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2120946 | ||
|
Description
Avinash Hanwate
2022-08-24 05:35:35 UTC
|