Description
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075
Related Vulnerabilities
CVE-2019-16564 Vulnerability in maven package com.paul8620.jenkins.plugins:pipeline-aggregator-view
CVE-2019-10805 Vulnerability in npm package valib
CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common
CVE-2021-33561 Vulnerability in maven package com.shopizer:shopizer
CVE-2023-29922 Vulnerability in maven package tech.powerjob:powerjob