Description
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1021
Related Vulnerabilities
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-34179 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status
CVE-2016-7103 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2019-10320 Vulnerability in maven package org.jenkins-ci.plugins:credentials
CVE-2022-44621 Vulnerability in maven package org.apache.kylin:kylin-server-base