56 matches found
CVE-2026-48922
Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...
RHCOS 4 : OpenShift Container Platform 4.5.6 (RHSA-2020:3453)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3453 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...
RHCOS 4 : OpenShift Container Platform 4.3.40 jenkins-2-plugins (RHSA-2020:4265)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4265 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...
CVE-2026-42520
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier is vulnerable due to failure to sanitize file names for file and zip file credentials, enabling a job’s credentials to write files to arbitrary locations on the node filesystem and potentially enabling remote code execution if a lo...
CVE-2023-50768
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2021-1323
Malware in sbrugna...
EUVD-2024-2957
Malicious code in bioql PyPI...
EUVD-2022-5823
Malicious code in bioql PyPI...
EUVD-2022-2361
Malicious code in bioql PyPI...
EUVD-2025-20864
Malicious code in bioql PyPI...
EUVD-2022-2780
Malicious code in bioql PyPI...
EUVD-2022-3026
Malicious code in bioql PyPI...
GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb 15e923f and earlier Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2023-23847
A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10467
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...