Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146
Related Vulnerabilities
CVE-2014-7839 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-10718 Vulnerability in maven package org.wildfly.core:wildfly-embedded
CVE-2023-28674 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2023-36468 Vulnerability in maven package org.xwiki.platform:xwiki-platform-core