Description
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883
Related Vulnerabilities
CVE-2018-1000862 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-11537 Vulnerability in maven package org.webjars.npm:angular-jwt
CVE-2020-2265 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot
CVE-2020-2259 Vulnerability in maven package org.jenkins-ci.plugins:computer-queue-plugin