CVE-2023-30514

CVE Database · CVE-2023-30514

CVE-2023-30514

· HIGHModified

CVSS v3.1

7.5

EPSS

0.48%

Published

Apr 12, 2023

Modified

Feb 7, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-319CWE-319

Affected Products (1)

jenkins · azure_key_vaultvulnerable

References (4)

http://www.openwall.com/lists/oss-security/2023/04/13/3

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075

Vendor Advisory

http://www.openwall.com/lists/oss-security/2023/04/13/3

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs