Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2022-36899 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations

CVE-2020-6428 Vulnerability in npm package electron

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

CVE-2023-30428 Vulnerability in maven package org.apache.pulsar:pulsar-broker

CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wms

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory