CVE-2020-2182
published 2020-05-06CVE-2020-2182: Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | amazon_ec2_plugin | — | — |
| jenkins | copy_artifact_plugin | — | — |
| jenkins | credentials_binding | <= 1.22 | — |
| jenkins | credentials_binding_plugin | — | — |
| jenkins | cvs_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | ids_in_amazon_ec2_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | scm_filter_jervis_plugin | — | — |
| jenkins | when_updating_the_plugin | — | — |
| jenkins_project | jenkins_credentials_binding_plugin | unspecified – 1.22 | — |