GHSA-43j2-r4v3-m8jp

Source

https://github.com/advisories/GHSA-43j2-r4v3-m8jp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43j2-r4v3-m8jp/GHSA-43j2-r4v3-m8jp.json

Aliases

CVE-2020-2181

Published

2022-05-24T17:17:14Z

Modified

2024-02-16T08:16:08.885782Z

Details

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps.

References

Affected packages

Maven / org.jenkins-ci.plugins:credentials-binding

Package

Name: org.jenkins-ci.plugins:credentials-binding

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.23

Affected versions

1.*

1.0-beta-1

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.17

1.18

1.19

1.20

1.20.1

1.21

1.22

Database specific

{
    "last_known_affected_version_range": "<= 1.22"
}