CVE-2020-2181 Information

Description

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e. replace with asterisks) secrets in the build log when the build contains no build steps.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.openwall.com/lists/oss-security/2020/05/06/3 https://jenkins.io/security/advisory/2020-05-06/SECURITY-1374

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5