CVE-2022-25180

Description

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

Affected products

• Jenkins Project / Jenkins Pipeline: Groovy Pluginunspecified – 2648.va9433432b33c
• Jenkins Project / Jenkins Pipeline: Groovy Plugin2.94.1 – 2.94.1
• Jenkins Project / Jenkins Pipeline: Groovy Plugin2.92.1 – 2.92.1

References

• MISChttps://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2443