Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
Related Vulnerabilities
CVE-2023-45819 Vulnerability in maven package org.webjars.npm:tinymce
CVE-2020-2242 Vulnerability in maven package org.jenkins-ci.plugins:database
CVE-2018-8041 Vulnerability in maven package org.apache.camel:camel-mail
CVE-2019-0222 Vulnerability in maven package org.fusesource.mqtt-client:mqtt-client
CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-pojo