Description
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Remediation
References
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351
http://www.openwall.com/lists/oss-security/2019/09/25/3
Related Vulnerabilities
CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer
CVE-2023-49652 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine
CVE-2023-41327 Vulnerability in maven package org.wiremock:wiremock-webhooks-extension
CVE-2013-2165 Vulnerability in maven package org.richfaces:richfaces
CVE-2015-0226 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom