Hardcoded credentials

2020-05-0613:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances.

CPENameOperatorVersion
credentials_bindingle1.22

CPE	Name	Operator	Version
	credentials_binding	le	1.22

References

www.openwall.com/lists/oss-security/2020/05/06/3

jenkins.io/security/advisory/2020-05-06/