Description
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Remediation
References
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-713
http://www.openwall.com/lists/oss-security/2019/07/31/1
Related Vulnerabilities
CVE-2017-1000393 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-36909 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2020-10748 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2016-3674 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2018-1000604 Vulnerability in maven package org.jenkins-ci.plugins:badge