Description
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
Related Vulnerabilities
CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook
CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex
CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2020-7019 Vulnerability in maven package org.elasticsearch.plugin:x-pack