Описание
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Пакеты
Наименование
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
maven
Затронутые версииВерсия исправления
< 3.8.0
3.8.0
Связанные уязвимости
CVSS3: 6.5
nvd
около 4 лет назад
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.