cvedb.io
CVE-2018-1000057
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2018-02-09T23:29:02.073 · Last modified 2026-06-17T01:32:20.027

Summary

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins, however, transforms provided password values, e.g. by replacing environment variable references, which could result in values that are different from but similar to the configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.

Affected products

jenkins — credentials_binding

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.