VYPR

Credentials Binding

by Jenkins Project

CVEs (1)

  • CVE-2026-42520HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code…