5.3

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2181

GHSA ID

GHSA-43j2-r4v3-m8jp

EPSS Score

0.28558%

CWE

CWE-522

Published

5/24/2022

Updated

12/23/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2181

CVE-2020-2181: Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-2181

CVE-2020-2181:

5.3

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2181

GHSA ID

GHSA-43j2-r4v3-m8jp

EPSS Score

0.28558%

CWE

CWE-522

Published

5/24/2022

Updated

12/23/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:credentials-binding	maven	<= 1.22	1.23

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows the vulnerability was fixed by moving 'secretsForBuild.remove(build)' from the decorateLogger method to the close() method of the Filter inner class. This ensures secrets remain tracked until log processing finishes. The vulnerable version's premature removal in decorateLogger left secrets exposed in builds with no build steps, as there was no subsequent processing step to trigger masking after the removal. The test addition in SecretBuildWrapperTest.java confirms the issue manifested in post-build phases when no build steps were present.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-2181: Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps

CVE-2020-2181:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2020-2181: Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

5.3

5.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI