Insufficiently protected credentials in Git plugin - CVE-2022-38663
Published: August 24, 2022
Vulnerability identifier: #VU66742
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-38663
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jenkins
Affected software:
Git plugin
Git plugin
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected plugin does not properly mask credentials in the build log provided by the Git Username and Password credentials binding. A remote user can gain access to sensitive information on the system.
How to mitigate CVE-2022-38663
Install updates from vendor's website.