VYPR

Maven package

org.jenkins-ci.plugins/azure-keyvault

pkg:maven/org.jenkins-ci.plugins/azure-keyvault

Vulnerabilities (2)

  • CVE-2023-30514Apr 12, 2023
    affected < 188.vf46bfixed 188.vf46b

    Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

  • CVE-2020-2313Nov 4, 2020
    affected < 2.1fixed 2.1

    A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.