Lucene search
K

59 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0014EPSS
Exploits0References1
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.7 views

CSRF vulnerability and missing permission check in zdevops

zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.8AI score0.0014EPSS
Exploits0Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.17 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.3.40 jenkins-2-plugins (RHSA-2020:4265)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4265 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...

6.5CVSS5.8AI score0.01087EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.5.6 (RHSA-2020:3453)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3453 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...

7.5CVSS5.8AI score0.01359EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...

9.9CVSS5.8AI score0.01999EPSS
Exploits0References8
CVE
CVE
added 2026/04/29 1:31 p.m.41 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier is vulnerable due to failure to sanitize file names for file and zip file credentials, enabling a job’s credentials to write files to arbitrary locations on the node filesystem and potentially enabling remote code execution if a lo...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.7 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS6.7AI score0.00447EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-1323

Malware in sbrugna...

6.1CVSS6.1AI score0.11308EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2780

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00852EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2024-2957

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00583EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20864

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00321EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-5823

Malicious code in bioql PyPI...

4.3CVSS5.5AI score0.00969EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2361

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01365EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3026

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01365EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.7 views

Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...

7.3CVSS6.3AI score0.00321EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/07/09 6:30 p.m.8 views

GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...

5.3CVSS6AI score0.00321EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.5 views

PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb 15e923f and earlier Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...

7.3CVSS6.1AI score0.00321EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/23 6:43 a.m.20 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

7.5CVSS6.8AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:41 a.m.8 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS6.7AI score0.00357EPSS
Exploits0References1
Rows per page
Query Builder