Description
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962
Related Vulnerabilities
CVE-2007-0184 Vulnerability in maven package dwr:dwr
CVE-2020-1959 Vulnerability in maven package org.apache.syncope.client:syncope-client-enduser
CVE-2022-36084 Vulnerability in npm package cruddl
CVE-2011-2087 Vulnerability in maven package org.apache.struts:struts2-javatemplates-plugin
CVE-2020-2271 Vulnerability in maven package org.jenkins-ci.plugins:locked-files-report