Description
Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log.
Remediation
References
https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090
http://www.openwall.com/lists/oss-security/2023/08/16/3
Related Vulnerabilities
CVE-2023-49375 Vulnerability in maven package com.jfinal:jfinal
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2021-39199 Vulnerability in npm package remark-html
CVE-2020-1941 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2017-12621 Vulnerability in maven package commons-jelly:commons-jelly