45 matches found
CVE-2022-20616
A missing permissions validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a z...
GHSA-GQM2-2GCX-P88W Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Jenkins Credentials Binding Plugin prior to 1.27.1 and 1.24.1 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. Credentials...
CVE-2022-20616
CVE-2022-20616 refers to the Jenkins Credentials Binding Plugin (version ≤ 1.27) where a missing permission check in the form-validation method allows users with Overall/Read access to determine whether a given credential ID points to a secret file credential and whether it is a ZIP file. The des...
CVE-2022-20616
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file...
Jenkins Plugin Permissions and Access Control Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The Jenkins Credentials Binding Plugin is vulnerable to an input validation error that stems from the plugin's failure to...
PT-2022-14825 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.27 and earlier; Jenkins Credentials Binding Plugin versions prior to 1.27.1; Jenkins Credentials Binding Plugin versions prior to 1.24.1. Description: The issue allows attackers with Overall/Read...
jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
Unspecified Vulnerability in CloudBees Jenkins Credentials Binding Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Jenkins Credentials Binding Plugin is used in...
Unspecified Vulnerability in CloudBees Jenkins Credentials Binding Plugin (CNVD-2020-33749)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Jenkins Credentials Binding Plugin is used in...
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
Hardcoded credentials
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
CVE-2020-2182
CVE-2020-2182 affects Jenkins Credentials Binding Plugin up to version 1.22. The root issue is improper masking of secrets containing a dollar sign: after escaping $ to $$ (to prevent premature expansion), the escaped form was not masked in some cases (e.g., certain build steps). The advisory ind...
CVE-2020-2181
CVE-2020-2181 affects Jenkins Credentials Binding Plugin (versions 1.22 and earlier) where secrets are not masked in build logs when a build contains no build steps. This is documented in a GHSA advisory for Jenkins Credentials Binding Plugin and reflected in Red Hat advisories linking CVE-2020-2...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CloudBees Jenkins Credentials Binding Plugin Jenkins Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Jenkins Credentials Binding Plugin is used in...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CVE-2019-1010241
The CVE-2019-1010241 entry affects Jenkins Credentials Binding Plugin (v1.17) where the vulnerability exists in config-variables.jelly at line 30 (passwordVariable). The underlying issue is storing passwords in a recoverable format (CWE-257). As described, authenticated users can recover credenti...