CVE-2025-53650
- EPSS 0.05%
- Veröffentlicht 09.07.2025 15:39:26
- Zuletzt bearbeitet 04.11.2025 22:16:22
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
CVE-2022-20616
- EPSS 0.1%
- Veröffentlicht 12.01.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:43:10
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whethe...
CVE-2020-2181
- EPSS 0.1%
- Veröffentlicht 06.05.2020 13:15:14
- Zuletzt bearbeitet 21.11.2024 05:24:53
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVE-2020-2182
- EPSS 0.05%
- Veröffentlicht 06.05.2020 13:15:14
- Zuletzt bearbeitet 21.11.2024 05:24:53
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
CVE-2019-1010241
- EPSS 0.23%
- Veröffentlicht 19.07.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:18:05
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The ...
CVE-2018-1000057
- EPSS 0.03%
- Veröffentlicht 09.02.2018 23:29:02
- Zuletzt bearbeitet 21.11.2024 03:39:32
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values ...