Description
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
Remediation
References
https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp
Related Vulnerabilities
CVE-2023-50768 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin
CVE-2023-28669 Vulnerability in maven package org.jenkins-ci.plugins:jacoco
CVE-2022-41251 Vulnerability in maven package org.jenkins-ci.plugins:apprenda
CVE-2023-46233 Vulnerability in maven package org.webjars.npm:github-com-brix-crypto-js
CVE-2020-2194 Vulnerability in maven package io.jenkins.plugins:echarts-api