GHSA-43j2-r4v3-m8jp

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43j2-r4v3-m8jp/GHSA-43j2-r4v3-m8jp.json
Aliases
  • CVE-2020-2181
Published
2022-05-24T17:17:14Z
Modified
2022-06-24T01:25:50.596107Z
Details

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

References

Affected packages

Maven / org.jenkins-ci.plugins:credentials

org.jenkins-ci.plugins:credentials

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.23

Affected versions

1.*

1.0
1.1
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.16.1
1.17
1.18
1.19
1.2
1.20
1.21
1.22
1.3
1.3.1
1.4
1.5
1.6
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.9
1.9.1
1.9.2
1.9.3
1.9.4

Database specific

{
    "last_known_affected_version_range": "<= 1.22"
}