CVE-2023-30528: 
Java vulnerability analysis and mitigation

The Jenkins WSO2 Oauth Plugin version 1.0 and earlier contains a security vulnerability identified as CVE-2023-30528. This vulnerability was disclosed on April 12, 2023, and is related to improper masking of sensitive information in the global configuration form. The vulnerability affects the WSO2 Oauth Plugin for Jenkins, specifically versions up to and including 1.0 (Jenkins Advisory).

The vulnerability is classified with a Low severity CVSS rating. The issue specifically involves the plugin's failure to mask (hide with asterisks) the WSO2 Oauth client secret on the global configuration form. This is part of a dual vulnerability, where CVE-2023-30527 addresses the storage aspect and CVE-2023-30528 addresses the masking issue (Jenkins Advisory).

The vulnerability increases the potential for attackers to observe and capture the WSO2 Oauth client secret through the global configuration form. This exposure of sensitive credentials could potentially lead to unauthorized access to WSO2 OAuth-protected resources (Jenkins Advisory).

As of the advisory's publication date, there is no fix available for this vulnerability in the WSO2 Oauth Plugin. Organizations using this plugin should carefully consider the risk and potentially limit access to the Jenkins global configuration form until a fix is released (Jenkins Advisory).

The vulnerability was discovered and reported by Kevin Guerroudj from CloudBees, Inc. The Jenkins security team has classified this as a low severity issue, indicating while it represents a security concern, it may not be as critical as other vulnerabilities announced in the same advisory (Jenkins Advisory, OSS Security).