vulnerability
Jenkins Advisory 2022-01-12: CVE-2022-23109: Improper credentials masking in HashiCorp Vault Plugin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jan 13, 2022 | Jan 13, 2022 | Mar 27, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jan 13, 2022
Added
Jan 13, 2022
Modified
Mar 27, 2026
Description
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Solutions
jenkins-lts-upgrade-2_319_2jenkins-upgrade-2_330
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.