4 matches found

Github Security Blog
added 2024/05/07 3:30 p.m. | 23 views

Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00047
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/05/07 1:15 p.m. | 17 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

CVSS: 5.3 | AI score: 7
Exploits: 0 | References: 4
OSV
added 2023/04/12 6:30 p.m. | 20 views

GHSA-F244-F9FC-W6FQ Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.0025
Exploits: 0 | References: 3
CVE
added 2023/04/12 5:5 p.m. | 50 views

CVE-2023-30515

CVE-2023-30515 affects Jenkins Thycotic DevOps Secrets Vault Plugin, 1.0.0 and earlier, where credentials are not properly masked in build logs when push mode for durable task logging is enabled. The available documents confirm this vulnerability exists in the Thycotic plugin (CVE-2023-30515) and...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0025
Exploits: 0 | References: 2 | Affected Software: 1