Moderate severityNVD Advisory· Published Apr 12, 2023· Updated Feb 7, 2025

CVE-2023-30515

Description

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.jenkins.plugins:thycotic-devops-secrets-vaultMaven	<= 1.0.0	—

Affected products

ghsa-coords
pkg:maven/io.jenkins.plugins/thycotic-devops-secrets-vault
Range: <= 1.0.0
Jenkins Project/Thycotic DevOps Secrets Vault Plugincpe-rescue
Range: 0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-f244-f9fc-w6fqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-30515ghsaADVISORY
www.jenkins.io/security/advisory/2023-04-12/ghsavendor-advisoryWEB
www.openwall.com/lists/oss-security/2023/04/13/3ghsaWEB

News mentions

Jenkins Security Advisory 2023-04-12
Jenkins Security Advisories · Apr 12, 2023

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000