Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/09/21/5
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243
Related Vulnerabilities
CVE-2020-7746 Vulnerability in maven package org.webjars.bowergithub.chartjs:chart.js
CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc
CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2021-21619 Vulnerability in maven package org.jenkins-ci.plugins:claim