Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

Affected Packages

Maven com.datapipe.jenkins.plugins:hashicorp-vault-plugin

Affected versions: 0 (fixed in 3.8.0)

Related CVEs

CVE-2022-23109

Key Information

GHSA ID

GHSA-h6x7-jq46-fp33

Published

January 13, 2022 12:00 AM

Last Modified

October 27, 2023 4:22 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.datapipe.jenkins.plugins:hashicorp-vault-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.