Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2020-2297 Vulnerability in maven package com.hoiio.jenkins:sms

CVE-2023-35931 Vulnerability in npm package shescape

CVE-2020-1960 Vulnerability in maven package org.apache.flink:flink-metrics-jmx

CVE-2021-33900 Vulnerability in maven package org.apache.directory.studio:org.apache.directory.studio.parent

CVE-2019-10341 Vulnerability in maven package io.jenkins.docker:docker-plugin

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory