Jenkins · Jenkins · CVE-2024-47803
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.478 and earlier
Jenkins LTS versions 2.462.2 and earlier
**Description**
Jenkins does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. As a result, multi-line secrets can be exposed through those error messages, for example in the system log. An attacker could exploit this to gain unauthorized access to confidential information in the system.
**Recommendations**
For Jenkins versions 2.478 and earlier, upgrade to version 2.479 or later.
For Jenkins LTS versions 2.462.2 and earlier, upgrade to version 2.462.3 or later.
As a temporary workaround, consider restricting access to error messages that may contain sensitive information until a patch is applied.
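
To triage an inventory of controllers against the version ranges above, the following added example (not code from the Jenkins project or from this advisory) classifies Jenkins core version strings, treating two-part versions as weekly releases and three-part versions as LTS releases. The controller names and the inventory format are constructed for illustration.

```python
import re

# Last affected releases, taken from the advisory text above.
LAST_AFFECTED_WEEKLY = (2, 478)    # weekly line: fixed in 2.479
LAST_AFFECTED_LTS = (2, 462, 2)    # LTS line: fixed in 2.462.3

# Accept only plain "X.Y" (weekly) or "X.Y.Z" (LTS) version strings.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a Jenkins core version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        # Snapshot builds, vendor suffixes, empty values: needs manual review.
        return "unknown"
    parts = tuple(int(p) for p in m.groups() if p is not None)
    # Weekly 2.462 and LTS 2.462.3 must not be compared against the same
    # bound, so pick the threshold by the number of version components.
    bound = LAST_AFFECTED_LTS if len(parts) == 3 else LAST_AFFECTED_WEEKLY
    return "affected" if parts <= bound else "fixed"


def triage(inventory):
    """Group controller names by status; inventory maps name -> version."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        report[classify(version)].append(name)
    return report


# Constructed sample inventory (hypothetical controller names).
SAMPLE = {
    "ci-weekly-old": "2.478",
    "ci-weekly-new": "2.479",
    "ci-lts-old": "2.462.2",
    "ci-lts-new": "2.462.3",
    "ci-lts-next": "2.479.1",
    "ci-dev": "2.480-SNAPSHOT",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Controllers reported as `unknown` run a build whose version string does not match a plain release number and should be checked by hand.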