Description
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075