GHSA-v3fv-v9m6-26g3, CVE-2023-33001
maven/com.datapipe.jenkins.plugins/hashicorp-vault-plugin
Insertion of Sensitive Information into Log File
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
All versions up to 360.v0a
Unfortunately, there is no solution available yet.
2023-05-29
source |