Description
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075
Related Vulnerabilities
CVE-2023-5245 Vulnerability in maven package ml.combust.bundle:bundle-ml_2.12
CVE-2020-28269 Vulnerability in npm package field
CVE-2016-6793 Vulnerability in maven package org.apache.wicket:wicket-util
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14
CVE-2022-43402 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps