Jenkins Configuration as Code Plugin prior to version 1.25 did not treat the proxy password as a secret to be masked when logging or encrypted for export.

Affected Packages

Maven io.jenkins:configuration-as-code

Affected versions: 0 (fixed in 1.25)

Related CVEs

CVE-2019-10345

Key Information

GHSA ID

GHSA-ggmx-pq89-7mcr

Published

May 24, 2022 4:51 PM

Last Modified

June 28, 2022 11:07 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins:configuration-as-code

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.