{"id":"CVE-2020-2181","details":"Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.","aliases":["GHSA-43j2-r4v3-m8jp"],"modified":"2026-03-15T22:34:51.387573Z","published":"2020-05-06T13:15:14.103Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/05/06/3"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/credentials-binding-plugin","events":[{"introduced":"0"},{"last_affected":"d1de1c7edf59f00716b6f3d0fdcd7f2acd8c7a91"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.22"}]}}],"versions":["credentials-binding-1.0","credentials-binding-1.0-beta-1","credentials-binding-1.1","credentials-binding-1.10","credentials-binding-1.11","credentials-binding-1.12","credentials-binding-1.13","credentials-binding-1.14","credentials-binding-1.15","credentials-binding-1.16","credentials-binding-1.17","credentials-binding-1.18","credentials-binding-1.19","credentials-binding-1.2","credentials-binding-1.20","credentials-binding-1.21","credentials-binding-1.22","credentials-binding-1.3","credentials-binding-1.4","credentials-binding-1.5","credentials-binding-1.6","credentials-binding-1.7","credentials-binding-1.8","credentials-binding-1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2181.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}