CVE-2023-33001

Summary

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins HashiCorp Vault Plugin0 <= 360.v0a_1c04cf807daffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References