Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243
http://www.openwall.com/lists/oss-security/2022/09/21/5
Related Vulnerabilities
CVE-2023-37950 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2015-0254 Vulnerability in maven package jstl:jstl
CVE-2023-27479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2022-36895 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities