Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

Related Vulnerabilities

CVE-2020-7663 Vulnerability in maven package org.webjars.npm:websocket-extensions

CVE-2023-40336 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder

CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc

CVE-2020-2279 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-10420 Vulnerability in maven package org.jenkins-ci.plugins:assembla

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo