Lucene search

K
JenkinsCredentials Binding

6 matches found

CVE
CVE
added 2019/07/19 5:15 p.m.160 views

CVE-2019-1010241

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a...

6.5CVSS6.4AI score0.00227EPSS
CVE
CVE
added 2020/05/06 1:15 p.m.119 views

CVE-2020-2181

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

6.5CVSS6.2AI score0.001EPSS
CVE
CVE
added 2020/05/06 1:15 p.m.115 views

CVE-2020-2182

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances.

4.3CVSS4.3AI score0.00045EPSS
CVE
CVE
added 2022/01/12 8:15 p.m.109 views

CVE-2022-20616

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

4.3CVSS4.3AI score0.00216EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.46 views

CVE-2018-1000057

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured password...

4.3CVSS4.6AI score0.0003EPSS
CVE
CVE
added 2025/07/09 4:15 p.m.11 views

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

7.3CVSS6.5AI score0.00059EPSS