Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

Related Vulnerabilities

CVE-2020-6541 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-13931 Vulnerability in maven package org.apache.tomee:openejb-loader

CVE-2020-2181 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding

CVE-2018-20433 Vulnerability in maven package c3p0:c3p0

CVE-2020-2219 Vulnerability in maven package org.jenkins-ci.plugins:link-column

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo