GHSA-h6x7-jq46-fp33

Source

https://github.com/advisories/GHSA-h6x7-jq46-fp33

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-h6x7-jq46-fp33/GHSA-h6x7-jq46-fp33.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h6x7-jq46-fp33

Aliases

CVE-2022-23109

Published

2022-01-13T00:00:54Z

Modified

2024-02-16T08:20:55.486346Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper credentials masking in Jenkins HashiCorp Vault Plugin

Details

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

Database specific

{
    "nvd_published_at": "2022-01-12T20:15:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-29T21:17:59Z"
}

References

Affected packages

Maven / com.datapipe.jenkins.plugins:hashicorp-vault-plugin

Package

Name: com.datapipe.jenkins.plugins:hashicorp-vault-plugin; View open source insights on deps.dev
Purl: pkg:maven/com.datapipe.jenkins.plugins/hashicorp-vault-plugin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.0

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.2.0

2.3.0

2.3.1

2.4.0

2.5.0

3.*

3.0.0

3.1.0

3.1.1

3.2.0

3.3.0

3.4.0

3.4.1

3.5.0

3.6.0

3.6.1

3.7.0