WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-50772 Vulnerability in maven package com.zintow:dingding-json-pusher

Description

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184

Related Vulnerabilities

CVE-2022-45381 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-utility-steps

CVE-2023-49655 Vulnerability in maven package org.jenkins-ci.plugins:matlab

CVE-2022-31197 Vulnerability in maven package org.postgresql:postgresql

CVE-2020-2126 Vulnerability in maven package com.dubture.jenkins:digitalocean-plugin

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_2.13

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory