Description
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075
http://www.openwall.com/lists/oss-security/2023/04/13/3
Related Vulnerabilities
CVE-2018-16474 Vulnerability in npm package tianma-static
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2023-49145 Vulnerability in maven package org.apache.nifi:nifi-jolt-transform-json-ui
CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-common
CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war