Описание
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
Credentials Binding Plugin 687.689.v1a_f775332fc9 rethrows exceptions that contain credentials, masking those credentials in the error messages.
Пакеты
org.jenkins-ci.plugins:credentials-binding
< 687.689.v1a
687.689.v1a
EPSS
5.3 Medium
CVSS4
4.3 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
EPSS
5.3 Medium
CVSS4
4.3 Medium
CVSS3