Vulnerability Description
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Credentials Binding | <= 1.22 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/05/06/3Mailing ListThird Party Advisory
- https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374Vendor Advisory
- http://www.openwall.com/lists/oss-security/2020/05/06/3Mailing ListThird Party Advisory
- https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374Vendor Advisory
FAQ
What is CVE-2020-2181?
CVE-2020-2181 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
How severe is CVE-2020-2181?
CVE-2020-2181 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-2181?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Credentials Binding.