Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146
Related Vulnerabilities
CVE-2016-6651 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2022-22968 Vulnerability in maven package org.springframework:spring-context
CVE-2019-17563 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-server-spi-private