Description
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944
Related Vulnerabilities
CVE-2021-30246 Vulnerability in npm package jsrsasign
CVE-2018-1000410 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-2246 Vulnerability in maven package org.jenkins-ci.plugins:valgrind
CVE-2020-2176 Vulnerability in maven package it.infuse.jenkins:usemango-runner
CVE-2019-10907 Vulnerability in maven package org.airsonic.player:airsonic-main