Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.
{ "nvd_published_at": "2022-02-15T17:15:00Z", "github_reviewed_at": "2022-12-01T23:40:03Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-522" ] }