CVE-2022-38663
Java vulnerability analysis and mitigation

Overview

CVE-2022-38663 is a security vulnerability discovered in the Jenkins Git Plugin that affects versions 4.11.4 and earlier. The vulnerability was disclosed on August 23, 2022, and relates to improper credential masking in the Git Plugin's build log functionality. The issue specifically affects the Git Username and Password (gitUsernamePassword) credentials binding feature (Jenkins Advisory).

Technical details

The vulnerability is rated Medium severity under CVSS. It stems from the Git Plugin's incorrect implementation of credential masking: when a username is not set to be treated as secret, the plugin masks the username instead of the password. The flaw affects the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding (Jenkins Advisory).

Impact

The vulnerability could potentially expose sensitive password information in build logs, as the plugin fails to properly mask (replace with asterisks) credentials. This exposure could lead to unauthorized access to systems if the credentials are intercepted by malicious actors (Jenkins Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Git Plugin version 4.11.5. Users are advised to update to this version, which properly masks credentials in the build log provided by the Git Username and Password credentials binding. As a side effect of the fix, usernames that are currently set to be not masked will lose their current (unintentional) masking (Jenkins Advisory).
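The masking flaw and the side effect of the fix can be modelled as follows. This Python example is added here and is not code from the Git Plugin or the Jenkins advisory; the `Binding` class, the function names, the sample credential and log, and the flawed variant's handling of a secret username are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """Hypothetical stand-in for a gitUsernamePassword binding."""
    username: str
    password: str
    username_is_secret: bool

def values_to_mask_flawed(b: Binding) -> set[str]:
    # Behaviour the advisory describes for 4.11.4 and earlier: when the username
    # is not treated as secret, it is masked instead of the password.
    if b.username_is_secret:
        return {b.username, b.password}  # assumption: this case was unaffected
    return {b.username}

def values_to_mask_fixed(b: Binding) -> set[str]:
    # After the fix: the password is always masked, the username only when it
    # is marked secret, so its earlier unintentional masking disappears.
    return {b.password} | ({b.username} if b.username_is_secret else set())

def mask(log: str, secrets: set[str]) -> str:
    # Replace longer values first so overlapping secrets are fully hidden.
    for value in sorted(secrets, key=len, reverse=True):
        if value:
            log = log.replace(value, "****")
    return log

def leaked(log: str, b: Binding) -> list[str]:
    """Audit helper: credential fields that still appear in clear text."""
    fields = {"username": b.username, "password": b.password}
    return [name for name, value in fields.items() if value and value in log]

# Constructed sample data: not a real credential or a real Jenkins build log.
BINDING = Binding("ci-bot", "s3cr3t-T0ken-EXAMPLE", username_is_secret=False)
RAW_LOG = (
    "+ ./publish.sh --user ci-bot --token s3cr3t-T0ken-EXAMPLE\n"
    "+ echo published as ci-bot\n"
)

if __name__ == "__main__":
    for label, pick in (("flawed", values_to_mask_flawed),
                        ("fixed", values_to_mask_fixed)):
        out = mask(RAW_LOG, pick(BINDING))
        print(f"[{label}] clear-text fields: {leaked(out, BINDING)}\n{out}")
```

The same `leaked` check can be run over archived build logs with a credential's known values to decide whether that credential needs rotating after the upgrade.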

This report was generated using AI
