jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

PT-2020-15395 · Jenkins · Jenkins Credentials Binding Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.22 and earlier Description: The issue concerns the masking of secrets in the Jenkins Credentials Binding Plugin. Secrets containing a $ character are not properly masked in certain circumstances,...

DEBIAN-CVE-2018-18250

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...

bind-dyndb-ldap: named DoS via DNS query with $ in name

The dnstoldapdnescape function in src/ldapconvert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names DN for LDAP queries, which allows remote DNS servers to cause a denial of service named service hang via a "$" character in a DN in a DNS query...