Description
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2992
Related Vulnerabilities
CVE-2021-25864 Vulnerability in npm package node-red-contrib-huemagic
CVE-2020-7640 Vulnerability in npm package fun-map
CVE-2020-9489 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2023-26136 Vulnerability in maven package org.webjars.bowergithub.salesforce:tough-cookie
CVE-2020-26870 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify