Lucene search
HistoryApr 12, 2023 - 6:15 p.m.
CVE-2023-30515
cve-2023-30515
jenkins
thycotic
devops
secrets vault
plugin
credentials
security
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
60.7%
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Affected configurations
Node
jenkinsthycotic_devops_secrets_vaultRange≤1.0.0jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:thycotic_devops_secrets_vault | jenkins thycotic devops secrets vault | le | 1.0.0 |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins Thycotic DevOps Secrets Vault Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-04-12 18:15:00
nvd
nvd
CVE-2023-30515
2023-04-12 18:15:08
cvelist
cvelist
CVE-2023-30515
2023-04-12 17:05:07
osv
osv
Jenkins Azure Key Vault Plugin does not properly mask credentials
2023-04-12 18:30:37
Jenkins Kubernetes Plugin does not properly mask credentials
2023-04-12 18:30:37
github
github
Jenkins Azure Key Vault Plugin does not properly mask credentials
2023-04-12 18:30:37
Jenkins Kubernetes Plugin does not properly mask credentials
2023-04-12 18:30:37
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
60.7%
Related for CVE-2023-30515