Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.

Affected Packages

Maven hudson.plugins:project-inheritance

Affected versions: 0 (last affected: 21.04.03)

Related CVEs

CVE-2020-2198

Key Information

GHSA ID

GHSA-w53q-r5cw-6vjh

Published

May 24, 2022 5:19 PM

Last Modified

December 22, 2022 1:38 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

hudson.plugins:project-inheritance

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.