Insufficiently protected credentials in Credentials Binding - CVE-2020-2181
Published: May 7, 2020
Vulnerability identifier: #VU27607
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-2181
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Credentials Binding
Credentials Binding
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the affected plugin does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. A remote authenticated attacker can gain unauthorized access to sensitive information on the target system.
Remediation
Install updates from vendor's website.