VYPR
Moderate severityNVD Advisory· Published Feb 15, 2022· Updated Aug 3, 2024

CVE-2022-25180

CVE-2022-25180

Description

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins.workflow:workflow-cpsMaven
< 2656.vf7a_e7b_75a_4572656.vf7a_e7b_75a_457

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1