PT-2023-22744 · Jenkins · Jenkins Thycotic Devops Secrets Vault Plugin+1
Tim Jacomb
·
Published
2023-04-12
·
Updated
2025-02-07
·
CVE-2023-30515
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Thycotic DevOps Secrets Vault Plugin versions 1.0.0 and earlier
Description
The issue arises from the improper masking of credentials in the build log when push mode for durable task logging is enabled. This means that credentials are not replaced with asterisks as they should be, potentially exposing sensitive information.
Recommendations
For Jenkins Thycotic DevOps Secrets Vault Plugin versions 1.0.0 and earlier, consider disabling the push mode for durable task logging until a proper fix is available to ensure credentials are masked correctly in the build log.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Thycotic Devops Secrets Vault Plugin