Description
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1497
Related Vulnerabilities
CVE-2021-36774 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2020-14060 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service
CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api
CVE-2020-26274 Vulnerability in npm package systeminformation