CVE-2023-30515: Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

April 12, 2023

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

References

github.com/advisories/GHSA-f244-f9fc-w6fq
nvd.nist.gov/vuln/detail/CVE-2023-30515
www.jenkins.io/security/advisory/2023-04-12/

Code Behaviors & Features

Detect and mitigate CVE-2023-30515 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →