Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945