Description
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-929
Related Vulnerabilities
CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core_2.11
CVE-2020-2283 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner
CVE-2019-20503 Vulnerability in npm package electron
CVE-2020-26217 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2016-7103 Vulnerability in maven package org.fujion.webjars:jquery-ui