Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146
Related Vulnerabilities
CVE-2020-1913 Vulnerability in npm package hermes-engine
CVE-2018-16115 Vulnerability in maven package com.typesafe.akka:akka-actor_2.11
CVE-2016-3721 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-37478 Vulnerability in npm package @pnpm/cafs
CVE-2012-2378 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal