Jasen Minton

**Name of the Vulnerable Software and Affected Versions** Jenkins HashiCorp Vault Plugin versions 3.7.0 and earlier **Description** The issue concerns the Jenkins HashiCorp Vault Plugin, where Vault credentials are not masked in Pipeline build logs or in Pipeline step descriptions when the Pipeline: Groovy Plugin 2.85 or later is installed. This could potentially expose sensitive information. **Recommendations** For Jenkins HashiCorp Vault Plugin versions 3.7.0 and earlier, update to a version later than 3.7.0 to ensure Vault credentials are properly masked in Pipeline build logs and step descriptions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.