PT-2023-22743 · Jenkins · Jenkins Azure Key Vault Plugin

Tim Jacomb · Published 2023-04-12 · Updated 2025-02-07 · CVE-2023-30514

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Azure Key Vault Plugin versions 187.va cd5fecd198a and earlier

Description

The issue arises when the push mode for durable task logging is enabled, causing the plugin to not properly mask credentials in the build log. This means that instead of being replaced with asterisks, credentials are visible, potentially exposing sensitive information.

Recommendations

For Jenkins Azure Key Vault Plugin versions 187.va cd5fecd198a and earlier, consider disabling the push mode for durable task logging until a fix is available to prevent credentials from being exposed in the build log.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2023-30514
GHSA-GMXM-PR58-V5JC

Affected Products

Jenkins
Jenkins Azure Key Vault Plugin