Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-f1w8-m5ur-sbfk

Summary

Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.

Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps.

Aliases

alias	CVE-2020-2181

alias	GHSA-43j2-r4v3-m8jp

Fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/credentials@1.23
purl	pkg:maven/org.jenkins-ci.plugins/credentials@1.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials@1.23

url	pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23
purl	pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23

Affected_packages

url pkg:maven/org.jenkins-ci.plugins/credentials@1.22

purl pkg:maven/org.jenkins-ci.plugins/credentials@1.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials@1.22

url pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

purl pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef?arch=el7

purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6?arch=el7

purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32?arch=el7

purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc?arch=el7

purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3?arch=el7

purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22?arch=el7

purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90?arch=el7

purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90%3Farch=el7

url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb?arch=el7

purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-nkph-36cd-kfd4

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1%3Farch=el7

url pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7?arch=el7

purl pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c%3Farch=el7

url pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804?arch=el7

purl pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804%3Farch=el7

url pkg:rpm/redhat/python-urllib3@1.24.3-1?arch=el7

purl pkg:rpm/redhat/python-urllib3@1.24.3-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kxp-qa5x-q3bq

vulnerability	VCID-b3e6-k53t-bkgk

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-urllib3@1.24.3-1%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2181.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2181

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.2756
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27735
published_at	2026-04-01T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27773
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27811
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27603
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.2767
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27713
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27717
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27674
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27615
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27625
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27599
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2181

reference_url

https://github.com/jenkinsci/credentials-binding-plugin

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/credentials-binding-plugin

reference_url

https://github.com/jenkinsci/credentials-binding-plugin/commit/59ead11bcb3fd132258d1d7da4a34d47750f40d2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/credentials-binding-plugin/commit/59ead11bcb3fd132258d1d7da4a34d47750f40d2

reference_url

https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2181

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2181

reference_url

http://www.openwall.com/lists/oss-security/2020/05/06/3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/06/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1847341
reference_id	1847341
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1847341

reference_url

https://github.com/advisories/GHSA-43j2-r4v3-m8jp

reference_id

GHSA-43j2-r4v3-m8jp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43j2-r4v3-m8jp

reference_url	https://access.redhat.com/errata/RHSA-2020:3453
reference_id	RHSA-2020:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3453

reference_url	https://access.redhat.com/errata/RHSA-2020:3625
reference_id	RHSA-2020:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3625

reference_url	https://access.redhat.com/errata/RHSA-2020:4265
reference_id	RHSA-2020:4265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4265

Weaknesses

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1w8-m5ur-sbfk

Vulnerability Instance