Description
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
Remediation
References