Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
[
{
"product": "Jenkins",
"vendor": "Jenkins Credentials Binding Plugin",
"versions": [
{
"status": "affected",
"version": "1.17"
}
]
}
]