PT-2023-8823 · Hashicorp · Jenkins Hashicorp Vault Plugin

Published: 2023-05-16 · Updated: 2023-05-25 · CVE-2023-33001

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins HashiCorp Vault Plugin versions 360.v0a1c04cf807d and earlier

Description: The issue is related to improper masking of credentials in the build log when push mode for durable task logging is enabled. This can lead to the exposure of protected information. The vulnerability can be exploited by a remote attacker, allowing them to disclose sensitive information. The issue affects Pipeline steps such as sh and bat when credentials are printed in build steps executing on an agent and push mode for durable task logging is enabled.

Recommendations: As a temporary workaround, consider using Credentials Binding 523.525.vb72269281873, which implements a workaround that applies build log masking even in affected plugins. However, this workaround is temporary and potentially incomplete. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2024-02078
CVE-2023-33001
GHSA-V3FV-V9M6-26G3

Affected Products

Jenkins
Jenkins Hashicorp Vault Plugin