Critical Vulnerability Information

Vulnerability Types

- Improper Credential Masking: Credentials are not properly masked in the Credentials Binding Plugin.
- File Path Information Disclosure: The HTML Publisher Plugin has a file path information disclosure issue.
- Lack of Input Validation for Parameter Values: The Git Parameter Plugin lacks necessary input validation for parameter values.
- Tokens Stored in Plain Text: Multiple plugins (e.g., Aqua Security Scanner Plugin, Statistics Gathering Plugin, etc.) store and display sensitive tokens in plain text.

Affected Scope

Affected Plugins:

- Credentials Binding Plugin
- HTML Publisher Plugin
- Git Parameter Plugin
- Aqua Security Scanner Plugin
- Statistics Gathering Plugin
- ReadyAPI Functional Testing Plugin
- Applitools Eyes Plugin
- QMetry Test Management Plugin
- IFTTT Build Notifier Plugin
- IBM Cloud DevOps Plugin
- Dead Man's Snitch Plugin
- Maddy Plugin
- Novoza DexCloud Plugin
- Kryptonite Plugin
- Sentredis Api Plugin
- Warrior Framework Plugin
- Xoon Plugin
- Userlist Ufacast Plugin

Severity

- High: Involves credential leakage and file path information disclosure.
- Medium: Lack of input validation for parameter values, potentially leading to injection attacks.

Mitigation Measures

- Update Plugins: Ensure all affected plugins are updated to the latest versions.
- Configuration Review: Inspect and adjust plugin configurations to ensure sensitive information is adequately protected.

Acknowledgments

Thank you to the security researchers and teams who discovered and reported these vulnerabilities.
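For the configuration review and the plain-text token issue above, this added example (not code from the advisory or from any plugin) checks a Jenkins XML configuration file for secret-looking fields whose value is not in the encrypted `{base64}` form that Jenkins writes for `hudson.util.Secret` values. The field-name patterns, the function name `find_plaintext_secrets` and the sample configuration are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: element names that usually hold secrets; tune per plugin.
SENSITIVE = re.compile(r"(token|secret|passw|api_?key|credential)", re.I)
# Jenkins serializes encrypted Secret values as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Recent Jenkins versions write an XML 1.1 declaration, which Python's
# expat-based parser does not accept, so the declaration is dropped first.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_secrets(xml_text):
    """Return sorted element paths that look sensitive but are stored unencrypted."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        is_leaf = len(node) == 0
        # Names such as credentialsId reference a stored credential, not a secret.
        is_reference = node.tag.lower().endswith("id")
        if is_leaf and value and SENSITIVE.search(node.tag) and not is_reference:
            if not ENCRYPTED.match(value):
                findings.append(here)
        for child in node:
            walk(child, here)

    walk(ET.fromstring(XML_DECL.sub("", xml_text, count=1)), "")
    return sorted(findings)


# Constructed sample: a hypothetical plugin's global configuration file.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<example.plugin.GlobalConfig>
  <serverUrl>https://scanner.example.invalid</serverUrl>
  <apiToken>constructed-plaintext-value</apiToken>
  <webhookSecret>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</webhookSecret>
  <credentialsId>deploy-key</credentialsId>
  <project><password>hunter2-constructed</password></project>
</example.plugin.GlobalConfig>"""

if __name__ == "__main__":
    for path in find_plaintext_secrets(SAMPLE):
        print("plaintext secret field:", path)
```

This covers storage on disk only; whether a plugin also displays the token in its configuration form has to be checked in the UI.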