Description
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075
Related Vulnerabilities
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view
CVE-2019-19771 Vulnerability in npm package hdeky
CVE-2020-11072 Vulnerability in npm package slpjs
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer
CVE-2023-50449 Vulnerability in maven package com.jfinal:jfinal