Description
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/09/21/5
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2243
Related Vulnerabilities
CVE-2023-50449 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-39243 Vulnerability in maven package com.zaxxer:nuprocess
CVE-2020-8929 Vulnerability in maven package com.google.crypto.tink:tink
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.convertors
CVE-2023-29234 Vulnerability in maven package org.apache.dubbo:dubbo