Jenkins Credentials Binding — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Credentials Binding, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2026-42520 — CVSS 7.5 (high): Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing…
CVE-2026-48922 — CVSS 7.5 (high): Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials…
CVE-2025-53650 — CVSS 7.3 (high): Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present…
CVE-2019-1010241 — CVSS 6.5 (medium): Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is…
CVE-2020-2181 — CVSS 6.5 (medium): Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build…
CVE-2022-20616 — CVSS 4.3 (medium): Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing…
CVE-2020-2182 — CVSS 4.3 (medium): Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some…
CVE-2018-1000057 — CVSS 4.3 (medium): Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however…