Jenkins Pipeline is vulnerable to sensitive information disclosure. It allows attackers with Item/Read permission to retrieve the default password parameter value from jobs. A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromises confidentiality.