Jenkins Credentials Binding
By the Year
In 2025 there has been 1 vulnerability in Jenkins Credentials Binding, with an average score of 7.3 out of ten. Credentials Binding did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2025 than in all of last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 7.30 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 4.30 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 5.40 |
| 2019 | 1 | 6.50 |
| 2018 | 1 | 4.30 |
It may take a day or so for new Credentials Binding vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Credentials Binding Security Vulnerabilities
CVE-2025-53650: Jenkins Credentials Binding Plugin leaks passwords in logs
CVE-2025-53650
7.3 - High
- July 09, 2025
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation
CVE-2022-20616
4.3 - Medium
- January 12, 2022
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
AuthZ
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e
CVE-2020-2181
6.5 - Medium
- May 06, 2020
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Insufficiently Protected Credentials
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e
CVE-2020-2182
4.3 - Medium
- May 06, 2020
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Insufficiently Protected Credentials
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format
CVE-2019-1010241
6.5 - Medium
- July 19, 2019
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
Credentials Management Errors
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs
CVE-2018-1000057
4.3 - Medium
- February 09, 2018
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.
Insufficiently Protected Credentials