Description
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
http://www.securityfocus.com/bid/107295
https://jenkins.io/security/advisory/2019-02-19/#SECURITY-876
Related Vulnerabilities
CVE-2021-21364 Vulnerability in maven package io.swagger:swagger-codegen
CVE-2016-10565 Vulnerability in npm package operadriver
CVE-2020-8149 Vulnerability in npm package logkitty
CVE-2022-2421 Vulnerability in maven package org.webjars.npm:socket.io-parser
CVE-2020-35490 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind