Jenkins: >> Credentials Binding >> 1.26 Security Vulnerabilities
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-07-09
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-12