CVE-2023-33001

Insertion of Sensitive Information into Log File in maven/com.datapipe.jenkins.plugins/hashicorp-vault-plugin

Identifiers

GHSA-v3fv-v9m6-26g3, CVE-2023-33001

Package Slug

maven/com.datapipe.jenkins.plugins/hashicorp-vault-plugin

Vulnerability

Insertion of Sensitive Information into Log File

Description

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Affected Versions

All versions up to 360.v0a

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-05-29

source