Description
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Remediation
References
https://pivotal.io/security/cve-2020-5404
Related Vulnerabilities
CVE-2022-46688 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit
CVE-2021-32012 Vulnerability in npm package xlsx
CVE-2018-1000997 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-5388 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-30518 Vulnerability in maven package io.jenkins.plugins:thycotic-secret-server