Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-u1n4-5c5f-5bfx

Summary

Improper masking of some secrets in Jenkins Credentials Binding Plugin
Credentials Binding Plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. As a side effect of the fix for [SECURITY-698](https://www.jenkins.io/security/advisory/2018-02-05/#credentials-binding), `$` characters in secrets are escaped to `$$`. This will then be expanded to $ again once the secret is passed to (post) build steps.

Credentials Binding Plugin 1.22 and earlier does not mask the escaped form of the secret (containing `$$`). This occurs for example in the \"Execute Maven top-level targets\" build step included in Jenkins.\n\nCredentials Binding Plugin 1.23 now masks secrets both in their original form and with escaped `$` characters, so they will be masked even if printed before value expansion.

Aliases

alias	CVE-2020-2182

alias	GHSA-7ff8-qfwx-8gx5

Fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/credentials@1.23
purl	pkg:maven/org.jenkins-ci.plugins/credentials@1.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials@1.23

url	pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23
purl	pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.23

Affected_packages

url pkg:maven/org.jenkins-ci.plugins/credentials@1.22

purl pkg:maven/org.jenkins-ci.plugins/credentials@1.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials@1.22

url pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

purl pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/credentials-binding@1.22

url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef?arch=el7

purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.248-1.git.1.9aad2ef%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6?arch=el7

purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.248-1.git.1.b5530f6%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32?arch=el7

purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.248-1.git.1.108ef32%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc?arch=el7

purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.248-1.git.1.bb4a1fc%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3?arch=el7

purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.248-1.git.1.b53e0e3%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22?arch=el7

purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.248-1.git.1.628ff22%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90?arch=el7

purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.248-1.git.1.4c42a90%3Farch=el7

url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb?arch=el7

purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.248-1.git.1.9885abb%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.248-1.git.1.66abd18%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.248-1.git.1.32f87fc%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.248-1.git.1.ad54f5b%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1593081747-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.3.1601981312-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-nkph-36cd-kfd4

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.4.1598545590-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cnub-whtt-c7ej

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-gphv-efsc-57ef

vulnerability	VCID-js1p-kbgy-6be8

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.5.1596698303-1%3Farch=el7

url pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7?arch=el7

purl pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.248-1.git.0.fd212c7%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.248-1.git.1.0020348%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.248-1.git.1.37b107c%3Farch=el7

url pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804?arch=el7

purl pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@3.11.248-1.git.1.f90c804%3Farch=el7

url pkg:rpm/redhat/python-urllib3@1.24.3-1?arch=el7

purl pkg:rpm/redhat/python-urllib3@1.24.3-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6kxp-qa5x-q3bq

vulnerability	VCID-b3e6-k53t-bkgk

vulnerability	VCID-f1w8-m5ur-sbfk

vulnerability	VCID-u1n4-5c5f-5bfx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-urllib3@1.24.3-1%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2182.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2182.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2182

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13756
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13832
published_at	2026-04-01T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13915
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13972
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13775
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13858
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1391
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13867
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1383
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13781
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1369
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13685
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2182

reference_url

https://github.com/jenkinsci/credentials-binding-plugin

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/credentials-binding-plugin

reference_url

https://github.com/jenkinsci/credentials-binding-plugin/commit/77681e0d184b0ccafa2a27da3b3bdbba95b4fe8f

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/credentials-binding-plugin/commit/77681e0d184b0ccafa2a27da3b3bdbba95b4fe8f

reference_url

https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2182

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2182

reference_url

http://www.openwall.com/lists/oss-security/2020/05/06/3

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/06/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1847348
reference_id	1847348
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1847348

reference_url

https://github.com/advisories/GHSA-7ff8-qfwx-8gx5

reference_id

GHSA-7ff8-qfwx-8gx5

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7ff8-qfwx-8gx5

reference_url	https://access.redhat.com/errata/RHSA-2020:3453
reference_id	RHSA-2020:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3453

reference_url	https://access.redhat.com/errata/RHSA-2020:3625
reference_id	RHSA-2020:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3625

reference_url	https://access.redhat.com/errata/RHSA-2020:4265
reference_id	RHSA-2020:4265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4265

Weaknesses

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	222
name	Truncation of Security-relevant Information
description	The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 4.3

Exploitability 0.5

Weighted_severity 3.9

Risk_score 1.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1n4-5c5f-5bfx

Vulnerability Instance