Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945