Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pipeline:_groovy | Jenkins | * | 2648.va9433432b33c (including) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1650371376-1.el7 | * |
| Red Hat OpenShift Container Platform 4.10 | RedHat | jenkins-2-plugins-0:4.10.1647505461-1.el8 | * |
| Red Hat OpenShift Container Platform 4.6 | RedHat | jenkins-2-plugins-0:4.6.1650364520-1.el8 | * |
| Red Hat OpenShift Container Platform 4.7 | RedHat | jenkins-2-plugins-0:4.7.1648800585-1.el8 | * |
| Red Hat OpenShift Container Platform 4.8 | RedHat | jenkins-2-plugins-0:4.8.1646993358-1.el8 | * |
| Red Hat OpenShift Container Platform 4.9 | RedHat | jenkins-2-plugins-0:4.9.1647580879-1.el8 | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html