Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523