GHSA-rwh3-5g7v-3c5m

Source
https://github.com/advisories/GHSA-rwh3-5g7v-3c5m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rwh3-5g7v-3c5m/GHSA-rwh3-5g7v-3c5m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rwh3-5g7v-3c5m
Aliases
Published
2022-05-24T17:33:08Z
Modified
2023-11-01T04:52:32.164366Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Details

Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs.

This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission.

Jenkins SQLPlus Script Runner Plugin 2.0.13 no longer prints the password in the build logs.

Database specific
{
    "nvd_published_at": "2020-11-04T15:15:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-22T13:39:27Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:sqlplus-script-runner

Package

Name
org.jenkins-ci.plugins:sqlplus-script-runner
Purl
pkg:maven/org.jenkins-ci.plugins/sqlplus-script-runner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.13

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.12