Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins credentials binding vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-1000057
Jenkins Credentials Binding Plugin 1.14 and previous versions masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but s...
Jenkins Credentials Binding
4.3
CVSSv3
CVE-2022-20616
Jenkins Credentials Binding Plugin 1.27 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip fi...
Jenkins Credentials Binding
6.5
CVSSv3
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and previous versions does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Jenkins Credentials Binding
4.3
CVSSv3
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and previous versions does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Jenkins Credentials Binding
6.5
CVSSv3
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker cre...
Jenkins Credentials Binding 1.17
6.5
CVSSv3
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
Jenkins Git
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started