GHSA-cpm5-cqr9-7p79, CVE-2022-41248
maven/org.jenkins-ci.plugins/bigpanda-jenkins
Missing Password Field Masking
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
All versions up to 1.4.0
Unfortunately, there is no solution available yet.
2022-09-27
source |