Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
Related Vulnerabilities
CVE-2019-16728 Vulnerability in npm package dompurify
CVE-2023-28103 Vulnerability in npm package matrix-react-sdk
CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2020-27196 Vulnerability in maven package com.typesafe.play:play-java
CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common