Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945