{"id":"CVE-2022-25184","details":"Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.","aliases":["GHSA-g84f-cmc8-682c"],"modified":"2026-03-13T05:39:03.070899Z","published":"2022-02-15T17:15:09.270Z","references":[{"type":"FIX","url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2519"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/pipeline-build-step-plugin","events":[{"introduced":"0"},{"last_affected":"9662efd616f578d9058ad2f069c1ecaec8a91ddb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.15"}]}}],"versions":["pipeline-build-step-2.0","pipeline-build-step-2.1","pipeline-build-step-2.10","pipeline-build-step-2.11","pipeline-build-step-2.12","pipeline-build-step-2.13","pipeline-build-step-2.14","pipeline-build-step-2.15","pipeline-build-step-2.2","pipeline-build-step-2.3","pipeline-build-step-2.4","pipeline-build-step-2.5","pipeline-build-step-2.6","pipeline-build-step-2.7","pipeline-build-step-2.8","pipeline-build-step-2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}