Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184