Jenkins: >> Credentials Binding >> 1.17 Security Vulnerabilities
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-12
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-05-06
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-05-06
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-19