Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

Published

2025-07-09T16:15:24.397

Last Modified

2025-11-04T22:16:22.147

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	credentials_binding	≤ 687.689.v1a_f775332fc	Yes

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3499 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/07/09/4 (af854a3a-2127-422b-91ae-364da2661108)