CVE-2020-2181

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

References

Affected packages

Git / github.com/jenkinsci/credentials-binding-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/credentials-binding-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d1de1c7edf59f00716b6f3d0fdcd7f2acd8c7a91

Affected versions

credentials-binding-1.*

credentials-binding-1.0

credentials-binding-1.0-beta-1

credentials-binding-1.1

credentials-binding-1.10

credentials-binding-1.11

credentials-binding-1.12

credentials-binding-1.13

credentials-binding-1.14

credentials-binding-1.15

credentials-binding-1.16

credentials-binding-1.17

credentials-binding-1.18

credentials-binding-1.19

credentials-binding-1.2

credentials-binding-1.20

credentials-binding-1.21

credentials-binding-1.22

credentials-binding-1.3

credentials-binding-1.4

credentials-binding-1.5

credentials-binding-1.6

credentials-binding-1.7

credentials-binding-1.8

credentials-binding-1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2181.json"