Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146
Related Vulnerabilities
CVE-2017-5662 Vulnerability in maven package org.apache.xmlgraphics:batik-rasterizer
CVE-2011-1077 Vulnerability in maven package org.apache.archiva:archiva
CVE-2013-4390 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core
CVE-2023-45827 Vulnerability in npm package @clickbar/dot-diver