Moderate severityNVD Advisory· Published Feb 15, 2022· Updated Aug 3, 2024

CVE-2022-25184

Description

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:pipeline-build-stepMaven	< 2.15.1	2.15.1

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins/pipeline-build-step
Range: < 2.15.1
Jenkins Project/Jenkins Jira Pipeline Steps Plugincpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-g84f-cmc8-682cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-25184ghsaADVISORY
github.com/jenkinsci/pipeline-build-step-plugin/commit/c06f65425fe9696d2237f591959dd4b5c6083fd9ghsaWEB
www.jenkins.io/security/advisory/2022-02-15/ghsax_refsource_CONFIRMWEB

News mentions

Jenkins Security Advisory 2022-02-15
Jenkins Security Advisories · Feb 15, 2022

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000