Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Jenkins
Information Disclosure
Configuration As Code
NVD
CVSS 3.1
3.3
EPSS
0.4%