Description
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3017
Related Vulnerabilities
CVE-2019-10317 Vulnerability in maven package org.jvnet.hudson.plugins:sitemonitor
CVE-2023-29015 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hbase_2-client-service
CVE-2015-8131 Vulnerability in npm package kibana
CVE-2013-6373 Vulnerability in maven package org.jenkins-ci.plugins:exclusion