org.jenkins-ci.plugins:credentials-binding
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:credentials-binding
- CVE-2018-1000057 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.15 | 2018-02-09
vulnerable: 1.0 ... 1.9 (16 versions)
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result…
- CVE-2019-1010241 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-07-19
vulnerable: 1.17
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVari…
- CVE-2020-2181 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.23 | 2020-05-06
vulnerable: 1.0 ... 1.9 (25 versions)
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
- CVE-2020-2182 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.23 | 2020-05-06
vulnerable: 1.0 ... 1.9 (25 versions)
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
- CVE-2022-20616 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.24.1 | 2022-01-12
vulnerable: 1.0 ... 1.9 (27 versions)
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential…
- CVE-2026-42520 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 720.v3f6decef43ea | 2026-04-29
vulnerable: 1.0 ... 719.v80e905ef14eb_ (50 versions)
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node fil…