Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-50772 Vulnerability in maven package com.zintow:dingding-json-pusher

Description

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184

Related Vulnerabilities

CVE-2020-6429 Vulnerability in npm package electron

CVE-2022-34211 Vulnerability in maven package org.jenkins-ci.plugins:vmware-vrealize-orchestrator

CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-base

CVE-2020-10714 Vulnerability in maven package org.wildfly.security:wildfly-elytron

CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory