Credentials Binding Plugin
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48922 | | Hig | 0.49 | 7.5 | 0.00 | | May 27, 2026 | Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to… |
| CVE-2025-53650 | | | 0.00 | — | 0.00 | | Jul 9, 2025 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. |
| CVE-2022-20616 | | | 0.00 | — | 0.01 | | Jan 12, 2022 | Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. |
| CVE-2020-2182 | | | 0.00 | — | 0.01 | | May 6, 2020 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. |
| CVE-2020-2181 | | | 0.00 | — | 0.01 | | May 6, 2020 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. |