CVE-2018-1000057

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.
References
Link Resource
https://jenkins.io/security/advisory/2018-02-05/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:jenkins:credentials_binding:*:*:*:*:*:jenkins:*:*

Information

Published : 2018-02-09 11:29

Updated : 2019-10-03 12:03


NVD link : CVE-2018-1000057

Mitre link : CVE-2018-1000057

Products Affected
No products.
CWE