Description
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Remediation
References
https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1835
http://www.openwall.com/lists/oss-security/2020/05/06/3
Related Vulnerabilities
CVE-2021-40369 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2021-27290 Vulnerability in maven package org.webjars.npm:ssri
CVE-2023-36472 Vulnerability in npm package @strapi/admin
CVE-2019-0187 Vulnerability in maven package org.apache.jmeter:apachejmeter_core
CVE-2021-22114 Vulnerability in maven package org.springframework.integration:spring-integration-zip