Description
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017
Related Vulnerabilities
CVE-2023-34054 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http
CVE-2023-26136 Vulnerability in maven package org.webjars.bowergithub.salesforce:tough-cookie
CVE-2022-45146 Vulnerability in maven package org.bouncycastle:bc-fips-debug
CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin