Lucene search
K

87 matches found

OSV
OSV
added 2023/05/16 6:30 p.m.33 views

GHSA-V3FV-V9M6-26G3 Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

4.3CVSS7.5AI score0.00601EPSS
Exploits0References2
Prion
Prion
added 2022/08/23 5:15 p.m.17 views

Default credentials

Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding...

4CVSS6.4AI score0.00781EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 5:17 p.m.6 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2181 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2181 Source advisory: OSV:GHSA-43J2-R4V3-M8JP...

6.5CVSS6.6AI score0.01087EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:17 p.m.31 views

Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets in the build log when the build contains no build steps. Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps...

6.5CVSS6.5AI score0.01087EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 5:17 p.m.5 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2182 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2182 Source advisory: OSV:GHSA-7FF8-QFWX-8GX5...

4.3CVSS6.1AI score0.00881EPSS
Exploits0
OSV
OSV
added 2022/05/24 5:17 p.m.24 views

GHSA-7FF8-QFWX-8GX5 Improper masking of some secrets in Jenkins Credentials Binding Plugin

Credentials Binding Plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. As a side effect of the fix for SECURITY-698, $ characters in secrets are escaped to $$. This will then be expanded to $ again once the secret is...

3.1CVSS5.3AI score0.00881EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:17 p.m.27 views

GHSA-43J2-R4V3-M8JP Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets in the build log when the build contains no build steps. Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps...

5.3CVSS6.5AI score0.01087EPSS
Exploits0References5
Snyk
Snyk
added 2022/05/24 4:50 p.m.2 views

Storing Passwords in a Recoverable Format

Overview org.jenkins-ci.plugins:credentials-binding is a plugin that allows credentials to be bound to environment variables for use from miscellaneous build steps. Affected versions of this package are vulnerable to Storing Passwords in a Recoverable Format via the config-variables.jelly file,...

7.1CVSS6.9AI score0.01468EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/05/24 4:50 p.m.6 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...

6.5CVSS6.5AI score0.01468EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.8 views

Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

6.5CVSS6.7AI score0.01468EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 4:50 p.m.4 views

GHSA-J7GW-MWFG-VQF4 Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

6.5CVSS6.4AI score0.01468EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/05/13 1:48 a.m.5 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +34 more potentially affected by CVE-2018-1000057 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.13)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =0.1.0, =0.1.1, =0.3.0, =0.4.1 and more Source cves: CVE-2018-1000057 Source advisory: OSV:GHSA-38XM-XHVJ-Q2QF...

4.3CVSS5.8AI score0.00676EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/01/24 6:5 p.m.81 views

CVE-2022-20616

A missing permissions validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a z...

4.3CVSS4.2AI score0.00852EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/01/13 12:1 a.m.5 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...

4.3CVSS5.8AI score0.00852EPSS
Exploits0
OSV
OSV
added 2022/01/13 12:1 a.m.26 views

GHSA-GQM2-2GCX-P88W Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin

Jenkins Credentials Binding Plugin prior to 1.27.1 and 1.24.1 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. Credentials...

4.3CVSS4.7AI score0.00852EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.10 views

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file...

4.3CVSS5.8AI score0.00852EPSS
Exploits0References3
OSV
OSV
added 2022/01/12 8:15 p.m.14 views

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file...

4.3CVSS6.4AI score
Exploits0References2
Cvelist
Cvelist
added 2022/01/12 7:5 p.m.26 views

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file...

5.7AI score0.00852EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:5 p.m.124 views

CVE-2022-20616

CVE-2022-20616 refers to the Jenkins Credentials Binding Plugin (version ≤ 1.27) where a missing permission check in the form-validation method allows users with Overall/Read access to determine whether a given credential ID points to a secret file credential and whether it is a ZIP file. The des...

4.3CVSS4.3AI score0.00852EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.4 views

Jenkins 插件 权限许可和访问控制问题漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.The Jenkins Credentials Binding Plugin is vulnerable to an input validation error that stems from the plugin's failure to...

4.3CVSS5.6AI score0.00852EPSS
Exploits0References6
Rows per page
Query Builder