Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/09/21/5
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243
Related Vulnerabilities
CVE-2021-21165 Vulnerability in npm package electron
CVE-2019-1353 Vulnerability in maven package org.webjars.npm:nodegit
CVE-2020-11973 Vulnerability in maven package org.apache.camel:camel-netty
CVE-2020-20739 Vulnerability in npm package libvips
CVE-2022-41678 Vulnerability in maven package org.apache.activemq:apache-activemq