Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oNng3LWpxNDYtZnAzM80ijA

Improper credentials masking in Jenkins HashiCorp Vault Plugin

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

Permalink: https://github.com/advisories/GHSA-h6x7-jq46-fp33
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNng3LWpxNDYtZnAzM80ijA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 5 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-h6x7-jq46-fp33, CVE-2022-23109
References: Repository: https://github.com/jenkinsci/hashicorp-vault-plugin
Blast Radius: 1.0

Affected Packages

maven:com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Affected Version Ranges: < 3.8.0
Fixed in: 3.8.0