Description
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962
Related Vulnerabilities
CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-6532 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-29522 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin