CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20616
https://notcve.org/view.php?id=CVE-2022-20616
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. El plugin Jenkins Credentials Binding versiones 1.27 y anteriores, no lleva a cabo una comprobación de permisos en un método que implementa la comprobación de formularios, que permite a atacantes con acceso Overall/Read comprobar si un ID de credencial es referido a una credencial de archivo secreto y si es un archivo zip • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2182 – jenkins-credentials-binding-plugin: improper masking of secrets
https://notcve.org/view.php?id=CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. Jenkins Credentials Binding Plugin versiones 1.22 y anteriores, no enmascara (es decir, reemplazar con asteriscos) los secretos que contienen un carácter "$" en algunas circunstancias. • http://www.openwall.com/lists/oss-security/2020/05/06/3 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835 https://access.redhat.com/security/cve/CVE-2020-2182 https://bugzilla.redhat.com/show_bug.cgi?id=1847348 • CWE-222: Truncation of Security-relevant Information CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2181 – jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
https://notcve.org/view.php?id=CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. Jenkins Credentials Binding Plugin versiones 1.22 y anteriores, no enmascara (es decir, reemplazar con asteriscos) los secretos en el registro de compilación cuando la compilación contiene pasos sin compilar. • http://www.openwall.com/lists/oss-security/2020/05/06/3 https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374 https://access.redhat.com/security/cve/CVE-2020-2181 https://bugzilla.redhat.com/show_bug.cgi?id=1847341 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010241
https://notcve.org/view.php?id=CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. El plugin Credentials Binding versión 1.17 de Jenkins, está afectado por: CWE-257: Almacenamiento de Contraseñas en un Formato Recuperable. • http://www.securityfocus.com/bid/109320 https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •