59 matches found
CVE-2026-57307
A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CSRF vulnerability and missing permission check in zdevops
zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
CVE-2026-48922
Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...
RHCOS 4 : OpenShift Container Platform 4.3.40 jenkins-2-plugins (RHSA-2020:4265)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4265 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...
RHCOS 4 : OpenShift Container Platform 4.5.6 (RHSA-2020:3453)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3453 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. - jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin SECURITY-1322 CVE-2019-10320 -...
CVE-2026-42520
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier is vulnerable due to failure to sanitize file names for file and zip file credentials, enabling a job’s credentials to write files to arbitrary locations on the node filesystem and potentially enabling remote code execution if a lo...
CVE-2023-50768
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2021-1323
Malware in sbrugna...
EUVD-2022-2780
Malicious code in bioql PyPI...
EUVD-2024-2957
Malicious code in bioql PyPI...
EUVD-2025-20864
Malicious code in bioql PyPI...
EUVD-2022-5823
Malicious code in bioql PyPI...
EUVD-2022-2361
Malicious code in bioql PyPI...
EUVD-2022-3026
Malicious code in bioql PyPI...
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb 15e923f and earlier Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2023-23847
A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...