CVE-2023-33001

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-532
View all →

Vulnerability Description

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

Related Vulnerabilities

CVE-2012-1156

HIGH
CVSS:7.5(High)

Moodle before 2.2.2 has users' private files included in course backups

CWE-5322012

CVE-2013-1771

HIGH
CVSS:7.5(High)

The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.

CWE-5322013

CVE-2015-8977

HIGH
CVSS:7.5(High)

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

CWE-5322015

CVE-2016-0875

HIGH
CVSS:7.5(High)

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

CWE-5322016

CVE-2016-0879

HIGH
CVSS:7.5(High)

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive informatio...

CWE-5322016

CVE-2016-6799

HIGH
CVSS:7.5(High)

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a se...

CWE-5322016