17 matches found
RHCOS 4 : OpenShift Container Platform 4.3.40 jenkins-2-plugins (RHSA-2020:4265)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4265 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...
CLSA-2025-1763490076 Fix CVE(s): CVE-2025-62168
SECURITY UPDATE: failure to redact HTTP authentication credentials in error handling allows information disclosure - debian/patches/CVE-2025-62168.patch: Fix HttpRequest::pack to mask sensitive information to prevent disclosure - CVE-2025-62168...
EUVD-2022-6582
Malicious code in bioql PyPI...
EUVD-2022-7767
Malicious code in bioql PyPI...
EUVD-2023-1311
Malicious code in bioql PyPI...
EUVD-2025-20864
Malicious code in bioql PyPI...
CVE-2025-53650
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log...
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...
jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...
PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NodeJS Plugin versions 1.6.0 and earlier Description: The issue is related to the improper masking of credentials in the Npm config file in Pipeline build logs. This could allow a remote attacker to gain unauthorized access to protect...
CVE-2023-30514
Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...
GHSA-X3QH-53QF-JXQ9 Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tokens. Administrators unable to update are...
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Gitea Plugin 1.4.5 adds support for masking of Gitea personal access tokens. Administrators unable to update are...
Information disclosure
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log...
CVE-2022-46685
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log...
CVE-2022-38663
A flaw was found in the Jenkins Git plugin. The Git Plugin does not properly mask the credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding. Usernames are masked instead of passwords in cases when usernames are not set to be treated as secr...
GHSA-JXMW-3GXF-FPRH Improper masking of credentials Jenkins in Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...