CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2023/04/17 1:32 p.m.•17 views

What's the Difference Between CSPM & SSPM?

Cloud Security Posture Management CSPM and SaaS Security Posture Management SSPM are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion...

6.2AI score

Tenable Nessus•added 2023/04/13 12:0 a.m.•22 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

8.8CVSS5.9AI score0.07113EPSS

Exploits0References21

Github Security Blog•added 2023/04/12 6:30 p.m.•26 views

Jenkins Azure Key Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent typically inside a node block. -...

7.5CVSS7.5AI score0.01476EPSS

Exploits0References4Affected Software1

OSV•added 2023/04/12 6:30 p.m.•20 views

GHSA-F244-F9FC-W6FQ Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

4.3CVSS7.5AI score0.0025EPSS

Exploits0References3

Github Security Blog•added 2023/04/12 6:30 p.m.•31 views

Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

7.5CVSS7.5AI score0.01476EPSS

Exploits0References4Affected Software1

OSV•added 2023/04/12 6:30 p.m.•17 views

GHSA-V5HQ-CQQR-6W4G Jenkins Kubernetes Plugin does not properly mask credentials

4.3CVSS7.5AI score0.01476EPSS

Exploits0References3

OSV•added 2023/04/12 6:15 p.m.•0 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS7.1AI score0.0025EPSS

NVD•added 2023/04/12 6:15 p.m.•10 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS7.6AI score0.0025EPSS

Prion•added 2023/04/12 6:15 p.m.•15 views

Design/Logic Flaw

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

5CVSS7.5AI score0.0025EPSS

Cvelist•added 2023/04/12 5:5 p.m.•12 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.7AI score0.0025EPSS

CVE•added 2023/04/12 5:5 p.m.•46 views

CVE-2023-30515

CVE-2023-30515 affects Jenkins Thycotic DevOps Secrets Vault Plugin, 1.0.0 and earlier, where credentials are not properly masked in build logs when push mode for durable task logging is enabled. The available documents confirm this vulnerability exists in the Thycotic plugin (CVE-2023-30515) and...

7.5CVSS7.4AI score0.0025EPSS

Vulnrichment•added 2023/04/12 5:5 p.m.•6 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.1AI score0.0025EPSS

CNNVD•added 2023/04/12 12:0 a.m.•1 views

Jenkins Plugin Thycotic DevOps Secrets Vault 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.0025EPSS

Exploits0References4

Microsoft Secure•added 2023/04/06 5:0 p.m.•22 views

DevOps threat matrix

The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to-market of new features and bug fixes. More and more companies are implementing DevOps services, each with its own infrastructur...

8.3AI score

Microsoft Malware Protection•added 2023/04/06 5:0 p.m.•31 views

DevOps threat matrix

8.3AI score

OSV•added 2023/03/28 8:15 p.m.•1 views

CVE-2023-25722

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...

5.5CVSS6.1AI score

Prion•added 2023/03/28 8:15 p.m.•8 views

Code injection

1.7CVSS5.5AI score0.00051EPSS

CVE•added 2023/03/28 12:0 a.m.•67 views

CVE-2023-25722

Summary of concrete details (CVE-2023-25722) Multiple connected sources document a credential-leak vulnerability in Veracode integrations. The affected components include: Veracode Scan Jenkins Plugin prior to 23.3.19.0 when configured for remote agent jobs (and when using proxy with credentials)...

5.5CVSS5.4AI score0.00051EPSS

Cvelist•added 2023/03/28 12:0 a.m.•11 views

CVE-2023-25722

5.8AI score0.00051EPSS