Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-33001

UNKNOWN
Published 2023-05-16T16:00:18.099Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-33001. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.002
probability
of exploitation in the wild

There is a 0.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.477
Higher than 47.7% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins Project

Jenkins HashiCorp Vault Plugin

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Jenkins HashiCorp Vault Plugin has improper masking of credentials

GHSA-v3fv-v9m6-26g3

Advisory Details

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like `sh` and `bat`, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a `node` block). - Push mode for durable task logging is enabled. This is a hidden option in Pipeline: Nodes and Processes that can be enabled through the Java system property `org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING`. It is also automatically enabled by some plugins, e.g., OpenTelemetry and Pipeline Logging over CloudWatch. An improvement in Credentials Binding 523.525.vb_72269281873 implements a workaround that applies build log masking even in affected plugins. This workaround is temporary and potentially incomplete, so it is still recommended that affected plugins be updated to resolve this issue. As of publication of this advisory, there is no fix.

Affected Packages

Maven com.datapipe.jenkins.plugins:hashicorp-vault-plugin
ECOSYSTEM: ≥0 ≤360.v0a

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-33001
WEB https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077

Advisory provided by GitHub Security Advisory Database. Published: May 16, 2023, Modified: May 17, 2023

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077
Published: 2023-05-16T16:00:18.099Z
Last Modified: 2025-01-23T15:50:41.687Z
Copied to clipboard!