Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945