Description
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009
Related Vulnerabilities
CVE-2014-3679 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring
CVE-2019-10453 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2018-11087 Vulnerability in maven package com.rabbitmq:amqp-client
CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2020-25633 Vulnerability in maven package org.jboss.resteasy:resteasy-client-api