CVE-2022-25187: Sensitive data stored in plain text by Support Core Plugin

February 15, 2022 (updated November 30, 2023)

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

References

nvd.nist.gov/vuln/detail/CVE-2022-25187
www.jenkins.io/security/advisory/2022-02-15/

Code Behaviors & Features

Detect and mitigate CVE-2022-25187 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →