CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2021 — Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. • http://www.openwall.com/lists/oss-security/2021/03/18/5 • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2020 — Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addr... • http://www.openwall.com/lists/oss-security/2020/05/06/3 • CWE-222: Truncation of Security-relevant Information • CWE-522: Insufficiently Protected Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2020 — Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private... • http://www.openwall.com/lists/oss-security/2020/05/06/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Oct 2019 — An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master. • https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Jul 2019 — Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. • http://www.securityfocus.com/bid/109320 • CWE-257: Storing Passwords in a Recoverable Format • CWE-522: Insufficiently Protected Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2019 — Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate. • http://seclists.org/fulldisclosure/2019/May/39 • CWE-522: Insufficiently Protected Credentials • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2019 — Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. • http://www.securityfocus.com/bid/108045 • CWE-522: Insufficiently Protected Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2018 — An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. • https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Feb 2018 — Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. • https://jenkins.io/security/advisory/2018-02-05 • CWE-522: Insufficiently Protected Credentials