cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20616,https://securityvulnerability.io/vulnerability/CVE-2022-20616,Insufficient Permission Check in Jenkins Credentials Binding Plugin,"The Jenkins Credentials Binding Plugin versions 1.27 and earlier are susceptible to an improper permission check in a method responsible for form validation. This flaw enables attackers with Overall/Read access to ascertain whether a given credential ID corresponds to a secret file credential and to determine if the associated file is a zip file. This vulnerability could potentially lead to exposure of sensitive credential information, making it crucial for users of the plugin to update to non-vulnerable versions to maintain their security posture.",Jenkins,Jenkins Credentials Binding Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-12T19:05:51.000Z,0
CVE-2020-2182,https://securityvulnerability.io/vulnerability/CVE-2020-2182,,"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.",Jenkins,Jenkins Credentials Binding Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-06T12:45:23.000Z,0
CVE-2020-2181,https://securityvulnerability.io/vulnerability/CVE-2020-2181,,"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.",Jenkins,Jenkins Credentials Binding Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-05-06T12:45:22.000Z,0
CVE-2018-1000057,https://securityvulnerability.io/vulnerability/CVE-2018-1000057,,"Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.",Jenkins,Credentials Binding,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2018-02-09T23:00:00.000Z,0