2 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Azure Key Vault Plugin versiones 2.0 y anteriores, permite a atacantes con permiso Overall/Read enumerar ID de credenciales almacenadas en Jenkins • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2110 •