CVE-2020-2182

CWE-522 — Insufficiently Protected Credentials CWE-22210 documents7 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 86.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Credentials Binding Plugin Jenkins Credentials Binding

Timeline

PublishedMay 6

Latest updateMay 24

Description

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:credentials-binding< 1.23

▶CVEListV5jenkins_project/jenkins_credentials_binding_pluginunspecified — 1.22

▶NVDjenkins/credentials_binding1.22

🔴Vulnerability Details

GHSA

Improper masking of some secrets in Jenkins Credentials Binding Plugin↗2022-05-24

▶

OSV

Improper masking of some secrets in Jenkins Credentials Binding Plugin↗2022-05-24

▶

CVEList

CVE-2020-2182: Jenkins Credentials Binding Plugin 1↗2020-05-06

▶

📋Vendor Advisories

Red Hat

jenkins-credentials-binding-plugin: improper masking of secrets↗2020-05-06

▶

Jenkins

Jenkins Security Advisory 2020-05-06↗2020-05-06

▶

💬Community

Bugzilla

CVE-2020-2181 CVE-2020-2182 jenkins-2-plugins: jenkins-credentials-binding-plugin: various flaws [openshift-4]↗2020-07-29

▶

Bugzilla

CVE-2020-2181 CVE-2020-2182 jenkins-2-plugins: jenkins-credentials-binding-plugin: various flaws [openshift-4]↗2020-07-29

▶

Bugzilla

CVE-2020-2181 CVE-2020-2182 jenkins-2-plugins: jenkins-credentials-binding-plugin: various flaws [openshift-4]↗2020-06-30

▶

Bugzilla

CVE-2020-2182 jenkins-credentials-binding-plugin: improper masking of secrets↗2020-06-16

▶