CVE-2020-2181: Insufficiently Protected Credentials

May 24, 2022 (updated June 24, 2022)

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

References

www.openwall.com/lists/oss-security/2020/05/06/3
github.com/advisories/GHSA-43j2-r4v3-m8jp
jenkins.io/security/advisory/2020-05-06/
nvd.nist.gov/vuln/detail/CVE-2020-2181

Detect and mitigate CVE-2020-2181 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →