Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook

CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth

CVE-2022-45400 Vulnerability in maven package org.jvnet.hudson.plugins:japex

CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2020-7019 Vulnerability in maven package org.elasticsearch.plugin:x-pack

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory