Insecure Credential Logging in Jenkins Thycotic DevOps Secrets Vault Plugin

Insecure Credential Logging in Jenkins Thycotic DevOps Secrets Vault Plugin

CVE-2023-30515 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Learn more about our Web Application Penetration Testing UK.