4.3
CVSS CVSS_V3
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml
of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.