{"id":"GHSA-g84f-cmc8-682c","summary":"Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin","details":"Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.","aliases":["CVE-2022-25184"],"modified":"2023-11-08T04:08:42.632061Z","published":"2022-02-16T00:01:29Z","database_specific":{"nvd_published_at":"2022-02-15T17:15:00Z","github_reviewed":true,"github_reviewed_at":"2022-12-01T23:40:03Z","cwe_ids":["CWE-522"],"severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25184"},{"type":"WEB","url":"https://github.com/jenkinsci/pipeline-build-step-plugin/commit/c06f65425fe9696d2237f591959dd4b5c6083fd9"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/pipeline-build-step-plugin"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2519"}],"affected":[{"package":{"name":"org.jenkins-ci.plugins:pipeline-build-step","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.plugins/pipeline-build-step"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.15.1"}]}],"versions":["2.0","2.1","2.10","2.11","2.12","2.13","2.13.1","2.14","2.15","2.2","2.3","2.4","2.5","2.5.1","2.6","2.7","2.8","2.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-g84f-cmc8-682c/GHSA-g84f-cmc8-682c.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}