Description
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944