Credentials Binding Security Vulnerabilities - 2020

CVE-2020-2181

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

CVE-2020-2182

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances.