RHCOS 4 : OpenShift Container Platform 4.5.6 (RHSA-2020:3453)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3453 advisory. - jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps CVE-2020-2181 -...

EUVD-2025-20864

Malicious code in bioql PyPI...

Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...

GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...

PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb 15e923f and earlier Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...

Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

CVE-2022-20616

A missing permissions validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a z...