PT-2023-22744 · Jenkins · Jenkins Thycotic Devops Secrets Vault Plugin+1

Tim Jacomb

Publicado

2023-04-12

Atualizado

2025-02-07

CVE-2023-30515

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Thycotic DevOps Secrets Vault Plugin versions 1.0.0 and earlier

Description The issue arises from the improper masking of credentials in the build log when push mode for durable task logging is enabled. This means that credentials are not replaced with asterisks as they should be, potentially exposing sensitive information.

Recommendations For Jenkins Thycotic DevOps Secrets Vault Plugin versions 1.0.0 and earlier, consider disabling the push mode for durable task logging until a proper fix is available to ensure credentials are masked correctly in the build log.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2023-30515

GHSA-F244-F9FC-W6FQ

Produtos afetados

Jenkins

Jenkins Thycotic Devops Secrets Vault Plugin

PT-2023-22744 · Jenkins · Jenkins Thycotic Devops Secrets Vault Plugin+1

CVE-2023-30515

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8