7 matches found
CVE-2023-30514
Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
Jenkins Azure Key Vault Plugin does not properly mask credentials
Multiple Jenkins plugins do not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent typically inside a node block. -...
CVE-2023-30514
Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
CVE-2023-30514
CVE-2023-30514 affects the Jenkins Azure Key Vault Plugin; by 187.va_cd5fecd198a_ and earlier, credentials could be exposed in build logs when durable-task push-mode logging is enabled. The CVSSv3.1 base score is 7.5 (HIGH). CloudBees advisory notes that a fix exists in the newer Azure Key Vault ...
CVE-2020-2313
Summary: CVE-2020-2313 affects the Jenkins Azure Key Vault Plugin (versions 2.0 and earlier). The issue is a missing permission check on multiple HTTP endpoints, allowing attackers who have Overall/Read permission to enumerate credentials IDs stored in Jenkins. Impact (as stated): Credentials IDs...
CVE-2020-2313
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...