logo

Database

Weak credential policy In com.datapipe.jenkins.plugins:hashicorp-vault-plugin

Description

Improper credentials masking in Jenkins HashiCorp Vault Plugin Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-231092. NVD-2022-231093. OSV-2022-231094. GCVE-2022-23109

References

1. https://github.com/jenkinsci/hashicorp-vault-plugin/commit/c7ad9779320bd8640d83790a985ebab240249b132. https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-22133. http://www.openwall.com/lists/oss-security/2022/01/12/6

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.