Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945