CVE-2020-2182 – jenkins-credentials-binding-plugin: improper masking of secrets
https://notcve.org/view.php?id=CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
References:
• http://www.openwall.com/lists/oss-security/2020/05/06/3
• https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835
• https://access.redhat.com/security/cve/CVE-2020-2182
• https://bugzilla.redhat.com/show_bug.cgi?id=1847348
Weaknesses:
• CWE-222: Truncation of Security-relevant Information
• CWE-522: Insufficiently Protected Credentials
CVE-2020-2181 – jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
https://notcve.org/view.php?id=CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
References:
• http://www.openwall.com/lists/oss-security/2020/05/06/3
• https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374
• https://access.redhat.com/security/cve/CVE-2020-2181
• https://bugzilla.redhat.com/show_bug.cgi?id=1847341
Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-522: Insufficiently Protected Credentials
CVE-2019-10436
https://notcve.org/view.php?id=CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
References:
• https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583
CVE-2019-1010241
https://notcve.org/view.php?id=CVE-2019-1010241
Jenkins Credentials Binding Plugin 1.17 is affected by CWE-257: Storing Passwords in a Recoverable Format. The impact is: authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: an attacker creates and executes a Jenkins job.
References:
• http://www.securityfocus.com/bid/109320
• https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing
Weaknesses:
• CWE-257: Storing Passwords in a Recoverable Format
• CWE-522: Insufficiently Protected Credentials
CVE-2019-10320 – jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)
https://notcve.org/view.php?id=CVE-2019-10320
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and to obtain the certificate content of files containing a PKCS#12 certificate.
References:
• http://seclists.org/fulldisclosure/2019/May/39
• http://www.openwall.com/lists/oss-security/2019/05/21/1
• http://www.securityfocus.com/bid/108462
• https://access.redhat.com/errata/RHBA-2019:1605
• https://access.redhat.com/errata/RHSA-2019:1636
• https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322
• https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320
• https://access.redhat.com/security/cve/CVE-20
Weaknesses:
• CWE-522: Insufficiently Protected Credentials
• CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory