CVE-2020-2181: Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
jenkins	amazon_ec2_plugin	—	—
jenkins	copy_artifact_plugin	—	—
jenkins	credentials_binding	<= 1.22	—
jenkins	credentials_binding_plugin	—	—
jenkins	cvs_plugin	—	—
jenkins	for_more_information_see_the_plugin	—	—
jenkins	ids_in_amazon_ec2_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	scm_filter_jervis_plugin	—	—
jenkins	when_updating_the_plugin	—	—
jenkins_project	jenkins_credentials_binding_plugin	unspecified – 1.22	—