Описание
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1847341jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
EPSS
Процентиль: 28%
0.001
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
почти 6 лет назад
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVSS3: 5.3
github
больше 3 лет назад
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
EPSS
Процентиль: 28%
0.001
Низкий
6.5 Medium
CVSS3