Vulnerabilities > Jenkins > Credentials Binding

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-20616 Missing Authorization vulnerability in Jenkins Credentials Binding
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
network
low complexity
jenkins CWE-862
4.3
4.3
2020-05-06 CVE-2020-2182 Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
network
low complexity
jenkins CWE-522
4.3
4.3
2020-05-06 CVE-2020-2181 Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
network
low complexity
jenkins CWE-522
6.5
6.5
2019-07-19 CVE-2019-1010241 Credentials Management vulnerability in Jenkins Credentials Binding 1.17
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format.
network
low complexity
jenkins CWE-255
4.0
4.0
2018-02-09 CVE-2018-1000057 Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs.
network
low complexity
jenkins CWE-522
4.0
4.0