Description
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2480
Related Vulnerabilities
CVE-2021-31597 Vulnerability in npm package xmlhttprequest-ssl
CVE-2019-10416 Vulnerability in maven package org.jenkins-ci.plugins:violation-comments-to-gitlab
CVE-2018-1336 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-1436 Vulnerability in maven package org.codehaus.jettison:jettison