Description

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2992

Related Vulnerabilities

CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-storage-script-dev-server

CVE-2021-23416 Vulnerability in npm package curly-bracket-parser

CVE-2020-11023 Vulnerability in npm package jquery

CVE-2021-23362 Vulnerability in maven package org.webjars.npm:hosted-git-info

CVE-2020-6454 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory