Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances.
Weakness
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Credentials_binding | Jenkins | * | 1.22 (including) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-enterprise-service-catalog-1:3.11.248-1.git.1.9aad2ef.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-cluster-autoscaler-0:3.11.248-1.git.1.b5530f6.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-descheduler-0:3.11.248-1.git.1.108ef32.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-dockerregistry-0:3.11.248-1.git.1.bb4a1fc.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-metrics-server-0:3.11.248-1.git.1.b53e0e3.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-node-problem-detector-0:3.11.248-1.git.1.628ff22.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-service-idler-0:3.11.248-1.git.1.4c42a90.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-openshift-oauth-proxy-0:3.11.248-1.git.1.9885abb.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-alertmanager-0:3.11.248-1.git.1.66abd18.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-node_exporter-0:3.11.248-1.git.1.32f87fc.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-prometheus-0:3.11.248-1.git.1.ad54f5b.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1593081747-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.248-1.git.0.fd212c7.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-autoheal-0:3.11.248-1.git.1.0020348.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-cluster-capacity-0:3.11.248-1.git.1.37b107c.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-kuryr-0:3.11.248-1.git.1.f90c804.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | python-urllib3-0:1.24.3-1.el7 | * |
| Red Hat OpenShift Container Platform 4.3 | RedHat | jenkins-2-plugins-0:4.3.1601981312-1.el7 | * |
| Red Hat OpenShift Container Platform 4.4 | RedHat | jenkins-2-plugins-0:4.4.1598545590-1.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | jenkins-2-plugins-0:4.5.1596698303-1.el7 | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/474.html
- https://cwe.mitre.org/data/definitions/50.html
- https://cwe.mitre.org/data/definitions/509.html
- https://cwe.mitre.org/data/definitions/551.html
- https://cwe.mitre.org/data/definitions/555.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/561.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/644.html
- https://cwe.mitre.org/data/definitions/645.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html