Jenkins Credentials Binding Plugin Path Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A path traversal vulnerability exists in the Jenkins Credentials Binding Plugin, affecting versions 719.v80e905ef14eb_ and earlier. When a job binds a file credential or a zip file credential, the plugin writes the credential's file, or the unpacked entries of the zip archive, into a temporary directory on the node using the file name stored in the credential (and, for zip file credentials, the entry names inside the archive). Those names are not sanitized, so a name containing path-traversal components such as ".." resolves outside the intended directory. An attacker who can supply credentials to a job can therefore write files to arbitrary locations on the filesystem of the node that executes the build, with the permissions of the Jenkins process on that node. If Jenkins allows low-privileged users to configure file or zip file credentials for jobs that run on the built-in node, the write lands on the controller's filesystem and can lead to remote code execution.
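The following Python is an added illustration of the bug class described above. It is not code from the Credentials Binding Plugin (which is written in Java) and does not reproduce the plugin's actual code paths or its fix: it shows a credential-controlled file name, or a zip entry name, joined onto a per-build temporary directory without a containment check, beside a hardened join that rejects anything resolving outside that directory. The directory path, function names and the sample zip are constructed for the example.

```python
import io
import zipfile
from pathlib import Path


def unsafe_target(base_dir, name: str) -> Path:
    """Vulnerable pattern (the class of bug in the advisory): the name that
    arrives with the credential is joined onto the per-build temp directory
    as-is, so '..' components or an absolute name move the write elsewhere.
    pathlib does not collapse '..', so the escape survives into the open()."""
    return Path(base_dir) / name


def safe_target(base_dir, name: str) -> Path:
    """Hardened pattern: resolve the joined path (collapsing '..' and any
    symlinks under base_dir) and require that the result is strictly inside
    base_dir. Rejecting here means nothing is written when the check fails."""
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise ValueError(f"refusing to write outside {base}: {name!r}")
    return target


def escapes(base_dir, name: str) -> bool:
    """True when writing `name` relative to base_dir would land outside it."""
    try:
        safe_target(base_dir, name)
    except ValueError:
        return True
    return False


def classify_zip_entries(base_dir, zip_bytes: bytes) -> dict:
    """For a zip file credential every entry name is attacker data as well.
    Classify all entries before extracting anything, so one bad entry does
    not leave a partially unpacked archive behind."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            verdicts[info.filename] = (
                "traversal" if escapes(base_dir, info.filename) else "ok"
            )
    return verdicts


def build_sample_zip() -> bytes:
    """Constructed zip credential for this example: one benign entry and one
    whose name climbs out of the extraction directory. zipfile.writestr keeps
    the name verbatim, exactly as a hand-crafted archive would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/app.properties", "token=example\n")
        zf.writestr("../../.ssh/authorized_keys", "ssh-ed25519 AAAA...example\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical per-build secret directory; it need not exist for the check.
    workspace = "/tmp/jenkins-build-1/secretFiles"
    for name in ("id_rsa", "../../../etc/cron.d/backdoor", "/etc/passwd"):
        print(f"{name!r:36} unsafe -> {unsafe_target(workspace, name)}  "
              f"escapes={escapes(workspace, name)}")
    print(classify_zip_entries(workspace, build_sample_zip()))
```

The containment check is deliberately done on the resolved path rather than by searching the string for "..": absolute names, mixed separators and symlinks inside the base directory all end up in the same comparison. Note that the check rejects a name that resolves to the base directory itself, since that is never a valid file to write.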

Impact

Successful exploitation results in arbitrary file writes on the filesystem of the node that runs the job. When low-privileged users are allowed to configure file or zip file credentials for jobs on the built-in node, the write lands on the controller and can be turned into remote code execution.

Remediation

Users of the Credentials Binding Plugin should update to version 720.v3f6decef43ea_ or later. Until the update is applied, restrict the ability to configure file and zip file credentials for jobs running on the built-in node to trusted users, since that is the condition under which the file write escalates to code execution on the controller.

Added: Apr 29, 2026, 2:31 PM
Updated: Apr 29, 2026, 2:31 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 10.0
exploitability: 5.2
remediation: 7.9
relevance: 7.0
threat: 0.1
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.