Description
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2944
Related Vulnerabilities
CVE-2020-1926 Vulnerability in maven package org.apache.hive:hive-service
CVE-2022-25894 Vulnerability in maven package com.bstek.uflo:uflo-core
CVE-2019-10305 Vulnerability in maven package com.xebialabs.xl-deploy:jenkins-dependendencies
CVE-2022-32114 Vulnerability in npm package @strapi/strapi
CVE-2020-26259 Vulnerability in maven package com.thoughtworks.xstream:xstream