Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery

CVE-2022-25206 Vulnerability in maven package org.jenkins-ci.plugins:dbcharts

CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-core

CVE-2023-31062 Vulnerability in maven package org.apache.inlong:manager-pojo

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory