Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

Related Vulnerabilities

CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2019-10297 Vulnerability in maven package org.jenkins-ci.plugins:sametime

CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery

CVE-2018-1999026 Vulnerability in maven package de.tracetronic.jenkins.plugins:ecutest

CVE-2021-26275 Vulnerability in npm package eslint-fixer

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo