Vulnerability Database

314,486

Total vulnerabilities in the database

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Published: May 16, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-33001
GHSA: GHSA-v3fv-v9m6-26g3
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
com.datapipe.jenkins.plugins / hashicorp-vault-plugin	-	360.v0a.x
jenkins / hashicorp_vault	-	360.v0a_1c04cf807d.x

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo