Insufficiently protected credentials in Git plugin - CVE-2022-38663

 

Insufficiently protected credentials in Git plugin - CVE-2022-38663

Published: August 24, 2022


Vulnerability identifier: #VU66742
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-38663
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
Git plugin

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected plugin does not properly mask credentials in the build log provided by the Git Username and Password credentials binding. A remote user can gain access to sensitive information on the system.


How to mitigate CVE-2022-38663

Install updates from vendor's website.

Sources