Description
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774
Related Vulnerabilities
CVE-2023-34062 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http
CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib
CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2017-3156 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2