Insufficiently protected credentials in Credentials Binding - CVE-2020-2181

 

Insufficiently protected credentials in Credentials Binding - CVE-2020-2181

Published: May 7, 2020


Vulnerability identifier: #VU27607
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-2181
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
Credentials Binding

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the affected plugin does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. A remote authenticated attacker can gain unauthorized access to sensitive information on the target system.


How to mitigate CVE-2020-2181

Install updates from vendor's website.

Sources