Description
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-0102 Vulnerability (CVE-2012-0102)
Ruby Improper Authentication Vulnerability (CVE-2007-5162)
Oracle JRE CVE-2019-2992 Vulnerability (CVE-2019-2992)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-8580)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.22)