Lucene search

[email protected]CVE-2023-33001

HistoryMay 16, 2023 - 5:15 p.m.

CVE-2023-33001

2023-05-1617:15:12

CWE-532

[email protected]

web.nvd.nist.gov

cve-2023-33001

jenkins

hashicorp

vault plugin

security

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.9%

JSON

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

CPENameOperatorVersion
jenkins:hashicorp_vaultjenkins hashicorp vaultle360.v0a_1c04cf807d

CPE	Name	Operator	Version
jenkins:hashicorp_vault	jenkins hashicorp vault	le	360.v0a_1c04cf807d

References

www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.9%

JSON

Related for CVE-2023-33001

cvelist1 alpinelinux1 prion1 veracode1 osv1 github1 nessus1