Jenkins Credentials Binding vulnerabilities

6 known vulnerabilities affecting jenkins/credentials_binding.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1

CVE-2025-53650HIGHCVSS 7.3≤ 687.689.v1a_f775332fc2025-07-09

CVE-2025-53650 [HIGH] CWE-522 CVE-2025-53650: Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., repl Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

CVE-2022-20616MEDIUMCVSS 4.3≤ 1.272022-01-12

CVE-2022-20616 [MEDIUM] CWE-862 CVE-2022-20616: Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

CVE-2020-2182MEDIUMCVSS 4.3≤ 1.222020-05-06

CVE-2020-2182 [MEDIUM] CWE-522 CVE-2020-2182: Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) sec Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.

CVE-2020-2181MEDIUMCVSS 6.5≤ 1.222020-05-06

CVE-2020-2181 [MEDIUM] CWE-522 CVE-2020-2181: Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) sec Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

CVE-2019-1010241MEDIUMCVSS 6.5v1.172019-07-19

CVE-2019-1010241 [MEDIUM] CWE-257 CVE-2019-1010241: Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Reco Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.

CVE-2018-1000057MEDIUMCVSS 4.3≤ 1.142018-02-09

CVE-2018-1000057 [MEDIUM] CWE-522 CVE-2018-1000057: Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes i Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are