Description
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Remediation
References
https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1374
http://www.openwall.com/lists/oss-security/2020/05/06/3
Related Vulnerabilities
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2022-29036 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds
CVE-2022-2422 Vulnerability in npm package feathers-sequelize
CVE-2019-1003097 Vulnerability in maven package com.ds.tools.hudson:crowd
CVE-2011-4905 Vulnerability in maven package activemq:activemq-core