Description
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009
Related Vulnerabilities
CVE-2023-37914 Vulnerability in maven package org.xwiki.platform:xwiki-platform-invitation-ui
CVE-2022-43413 Vulnerability in maven package org.jenkins-ci.plugins:job-import-plugin
CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2023-31098 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2021-32730 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui