CVE-2020-2181
MEDIUMJenkins Credentials Binding - Insufficiently Protected Credentials
Title source: ruleDescription
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
27.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (2)
jenkins/credentials_binding
< 1.22
org.jenkins-ci.plugins/credentials-binding
< 1.23Maven
Timeline
Published
May 06, 2020
Tracked Since
Feb 18, 2026