CGA-2xfc-rx9g-78jp

Published

Last updated

https://images.chainguard.dev/security/CGA-2xfc-rx9g-78jp

Package

jenkins-2.462

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

CVE-2025-22228
GHSA-mg83-c7gq-rv5c

Severity

Unknown

Summary

Spring Security Does Not Enforce Password Length

Description

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22228
https://github.com/advisories/GHSA-mg83-c7gq-rv5c
https://github.com/spring-projects/spring-security/commit/46f0dc6dfc8402cd556c598fdf2d31f9d46cdbf3
https://github.com/spring-projects/spring-security
https://security.netapp.com/advisory/ntap-20250425-0009
https://spring.io/security/cve-2025-22228

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-2xfc-rx9g-78jp

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources