CVE-2020-2182

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances.

References

Affected packages

Git / github.com/jenkinsci/credentials-binding-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/credentials-binding-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d1de1c7edf59f00716b6f3d0fdcd7f2acd8c7a91

Affected versions

credentials-binding-1.*

credentials-binding-1.0

credentials-binding-1.0-beta-1

credentials-binding-1.1

credentials-binding-1.10

credentials-binding-1.11

credentials-binding-1.12

credentials-binding-1.13

credentials-binding-1.14

credentials-binding-1.15

credentials-binding-1.16

credentials-binding-1.17

credentials-binding-1.18

credentials-binding-1.19

credentials-binding-1.2

credentials-binding-1.20

credentials-binding-1.21

credentials-binding-1.22

credentials-binding-1.3

credentials-binding-1.4

credentials-binding-1.5

credentials-binding-1.6

credentials-binding-1.7

credentials-binding-1.8

credentials-binding-1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2182.json"